Core Server / SERVER-25455

Use-after-free in DBClientConnection when handling application name metadata

    • Type: Bug
    • Resolution: Done
    • Priority: Major - P3
    • 3.3.11
    • Affects Version/s: None
    • Component/s: Internal Client
    • None
    • Fully Compatible
    • ALL
    • Platforms 18 (08/05/16)
    • 0

      The DBClientConnection::_applicationName field holds an owned string that represents the currently set value of the 'application' metadata field. In some code paths, a StringData that views that owned string is passed to a function which uses the StringData to rewrite the _applicationName. That is fine; however, the code then continues to use the passed-in StringData, which now refers to freed memory.

            Assignee:
            andrew.morrow@mongodb.com Andrew Morrow (Inactive)
            Reporter:
            andrew.morrow@mongodb.com Andrew Morrow (Inactive)
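
The aliasing pattern described in this ticket, reduced to a self-contained C++ sketch. This is an added example, not MongoDB's code or the actual fix; `Connection`, `StringView`, `aliasesOwnedName`, `setNameUnsafe` and `setNameSafe` are hypothetical names, and `StringView` is a simplified stand-in for a StringData-style non-owning view.

```cpp
#include <cstddef>
#include <functional>
#include <iostream>
#include <string>

// Non-owning view; simplified stand-in for a StringData-style type.
struct StringView {
    const char* data;
    std::size_t size;
    std::string str() const { return std::string(data, size); }
};

class Connection {  // hypothetical class, not DBClientConnection
public:
    explicit Connection(const std::string& name) : _applicationName(name) {}
    StringView applicationName() const {
        return StringView{_applicationName.data(), _applicationName.size()};
    }

    // True when `v` points into the buffer currently owned by _applicationName.
    bool aliasesOwnedName(StringView v) const {
        std::less<const char*> lt;  // total order, valid for unrelated pointers
        const char* begin = _applicationName.data();
        const char* end = begin + _applicationName.size();
        return !lt(v.data, begin) && !lt(end, v.data);
    }

    // Pattern from the ticket: the member is rewritten from the view, then the
    // view is read again. If `name` aliases the member, that read can hit freed memory.
    std::string setNameUnsafe(StringView name) {
        _applicationName = name.str();
        return "application=" + name.str();  // dangling when aliased
    }

    // Hardened form: take an owned copy first and never touch the view again.
    std::string setNameSafe(StringView name) {
        std::string owned = name.str();
        _applicationName = owned;
        return "application=" + owned;
    }
private:
    std::string _applicationName;
};

int main() {
    Connection conn(std::string(64, 'a'));  // constructed sample, long enough to live on the heap
    StringView self = conn.applicationName();
    std::cout << conn.aliasesOwnedName(self) << ' ' << conn.setNameSafe(self).size() << '\n';
}
```

Building the unsafe variant with AddressSanitizer (`-fsanitize=address`) and passing it a view of the member is the usual way to confirm this class of bug in a test harness.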