Unsanitary sasl vsnprintf calls

XMLWordPrintableJSON

    • Type: Bug
    • Resolution: Fixed
    • Priority: Major - P3
    • 4.1.1
    • Affects Version/s: None
    • Component/s: Internal Code
    • None
    • Fully Compatible
    • ALL
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      This is a classic syslog "%s" error. We should just pretty much always use "%s" format and then the string we want to log as the next argument, just to make it less tempting for a % sign to creep into the format strings under maintenance.

      ```src/mongo/db/modules/mongo-enterprise-modules/src/sasl/canon_mongodb_internal.cpp:78:41: error: format string is not a string literal (potentially insecure) [-Werror,-Wformat-security]
      utils->seterror(utils->conn, 0, sb.str().c_str());
      ^~~~~~~~~~~~~~~~```

       

      These get it right:

      src/mongo/client/sasl_sspi.cpp:97: utils->seterror(utils->conn, 0, "%s", buffer.c_str());
      src/sasl/mongo_sspi.cpp:122: utils->seterror(utils->conn, 0, "%s", buffer.c_str());

       The rest get it sort of wrong:
      billy@billydev:~/dev/mongodb/mongo$ git grep -E -n '\b(sasl_)?seterror'
      src/mongo/client/cyrus_sasl_client_session.cpp:202: sasl_seterror(conn, 0, "No password data provided");
      src/mongo/client/cyrus_sasl_client_session.cpp:211: sasl_seterror(conn, 0, sb.str().c_str());
      src/mongo/client/sasl_sspi.cpp:114: cparams->utils->seterror(cparams->utils->conn, 0, "getcallback user failed");
      src/mongo/client/sasl_sspi.cpp:122: cparams->utils->seterror(cparams->utils->conn, 0, "user callback failed");
      src/mongo/client/sasl_sspi.cpp:130: cparams->utils->seterror(cparams->utils->conn, 0, "no @REALM found in username");
      src/mongo/client/sasl_sspi.cpp:190: cparams->utils->seterror(cparams->utils->conn, 0, "SSPI: no serverFQDN");
      src/mongo/client/sasl_sspi.cpp:255: cparams->utils->seterror(cparams->utils->conn, 0, "SSPI: server message is too short");
      src/mongo/client/sasl_sspi.cpp:262: cparams->utils->seterror(
      src/mongo/client/sasl_sspi.cpp:458: utils->seterror(utils->conn, 0, "Wrong SSPI version");

      src/sasl/canon_mongodb_internal.cpp:62: utils->seterror(utils->conn, 0, "All-whitespace username.");
      src/sasl/canon_mongodb_internal.cpp:68: utils->seterror(utils->conn, 0, "Canonicalized username too long.");
      src/sasl/canon_mongodb_internal.cpp:78: utils->seterror(utils->conn, 0, sb.str().c_str());
      src/sasl/cyrus_sasl_authentication_session.cpp:126: sasl_seterror(conn, 0, errorMsg.str().c_str());
      src/sasl/cyrus_sasl_authentication_session.cpp:133: sasl_seterror(conn, 0, sb.str().c_str());
      src/sasl/mongo_sspi.cpp:141: sparams->utils->seterror(sparams->utils->conn, 0, "SSPI: no serverFQDN");
      src/sasl/mongo_sspi.cpp:184: sparams->utils->seterror(sparams->utils->conn, 0, "SSPI: client unexpectedly sent data");
      src/sasl/mongo_sspi.cpp:310: sparams->utils->seterror(
      src/sasl/mongo_sspi.cpp:317: sparams->utils->seterror(sparams->utils->conn, 0, "SSPI: wrong security layer from client");
      src/sasl/mongo_sspi.cpp:324: sparams->utils->seterror(sparams->utils->conn, 0, "SSPI: no authz name in auth handshake");

       

            Assignee:
            Billy Donahue
            Reporter:
            Billy Donahue
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: