Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-37527

Broken logic in ServerMechanismBase class.

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Major - P3
    • Resolution: Fixed
    • 4.0.0, 4.0.3, 4.1.3
    • 4.0.5, 4.1.6
    • Internal Code, Security
    • None
    • Fully Compatible
    • ALL
    • v4.0
    • Security 2018-11-05, Security 2018-11-19, Security 2018-12-03

    Description

      The ServerMechanismBase class has isDone method. Comment in the source code of this method say:

       

          /**
           * Returns true if the conversation has completed.
           * Note that this does not mean authentication succeeded!
           * An error may have occurred.
           */
      

      The problem is that if SASL error occurs isDone will never return true because of this code in ServerMechanismBase::step:

       

       

              auto result = stepImpl(opCtx, input);
              if (result.isOK()) {
                  bool isDone;
                  std::string responseMessage;
                  std::tie(isDone, responseMessage) = result.getValue();
                  _done = isDone;
                  return responseMessage;
              }
      

      As you can see _done variable is only assigned if step's result is OK.

       

       

      This bug affects AuthenticationSession's lifecycle management implemented in CmdSaslStart::run and CmdSaslContinue::run methods. In case of authentication error (for example in case of the wrong password) those methods fail to destroy current client's AuthenticationSession instance because mechanism.isDone() returns false.

      Attachments

        Issue Links

          Activity

            People

              sara.golemon@mongodb.com Sara Golemon
              igorsol Igor Solodovnikov
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: