Core Server / SERVER-25455

Use-after-free in DBClientConnection when handling application name metadata

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.3.11
    • Component/s: Internal Client
    • Labels:
      None
    • Backwards Compatibility:
      Fully Compatible
    • Operating System:
      ALL
    • Sprint:
      Platforms 18 (08/05/16)
    • Linked BF Score:
      0

      Description

      The DBClientConnection::_applicationName field holds an owned string that represents the currently set value of the 'application' metadata field. In some code paths, a StringData that views that owned string is passed to a function which uses the StringData to re-write the _applicationName. That is fine; however, the code then continues to use the passed-in StringData, which now refers to freed memory.
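
The aliasing pattern described above, as an added C++ sketch that is not MongoDB's code: `Client`, `View`, `setNameUnsafe`, `setNameSafe` and `aliasesOwnName` are hypothetical names standing in for the connection class and its string view type. It puts the defective ordering beside a copy-first version and a pointer-range check that could serve as a debug assertion.

```cpp
// Added illustration: Client, View and the method names are hypothetical
// stand-ins, not MongoDB's DBClientConnection or StringData.
#include <cstddef>
#include <functional>
#include <iostream>
#include <string>
#include <utility>

// Non-owning view of characters (pointer + length), like a string view type.
struct View {
    const char* ptr;
    std::size_t len;
    std::string str() const { return std::string(ptr, len); }
};

class Client {
public:
    explicit Client(std::string name) : _applicationName(std::move(name)) {}
    View applicationName() const {
        return View{_applicationName.data(), _applicationName.size()};
    }
    // True when v points into the buffer currently owned by _applicationName.
    bool aliasesOwnName(View v) const {
        std::less_equal<const char*> le;  // total order even for unrelated pointers
        const char* begin = _applicationName.data();
        return le(begin, v.ptr) && le(v.ptr, begin + _applicationName.size());
    }
    // Defective pattern: when name views _applicationName, the assignment frees
    // (or overwrites) the viewed buffer, so the read on the next line is stale.
    std::string setNameUnsafe(View name) {
        _applicationName = name.str();
        return "application=" + name.str();  // use-after-free when aliased
    }
    // Hardened: take an owned copy before mutating, then use only the copy.
    std::string setNameSafe(View name) {
        std::string owned = name.str();
        _applicationName = owned;
        return "application=" + owned;
    }
private:
    std::string _applicationName;
};

int main() {
    Client c(std::string(64, 'a'));  // constructed name, long enough to live on the heap
    View self = c.applicationName();
    std::cout << "aliases own name: " << c.aliasesOwnName(self) << "\n";
    std::cout << c.setNameSafe(self) << "\n";  // setNameUnsafe(self) would read freed memory
}
```

Building with AddressSanitizer (`-fsanitize=address`) and calling `setNameUnsafe` with a view of the object's own name is a quick way to confirm this class of defect in a test build.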

            People

            Assignee:
            acm Andrew Morrow
            Reporter:
            acm Andrew Morrow