Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-25455

Use-after-free in DBClientConnection when handling application name metadata

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Major - P3
    • Resolution: Fixed
    • None
    • 3.3.11
    • Internal Client
    • None
    • Fully Compatible
    • ALL
    • Platforms 18 (08/05/16)
    • 0

    Description

      The DBClientConnection::_applicationName field holds an owned string that represents the currently set value of the 'application' metadata field. In some code paths, a StringData that views that owned string is passed to a function which uses the StringData to re-write the _applicationName. That is fine, however, the code then continues to use the passed in StringData, which now refers to freed memory.

      Attachments

        Activity

          People

            andrew.morrow@mongodb.com Andrew Morrow
            andrew.morrow@mongodb.com Andrew Morrow
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: