Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-37527

Broken logic in ServerMechanismBase class.

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: 4.0.0, 4.0.3, 4.1.3
    • Fix Version/s: 4.0.5, 4.1.6
    • Component/s: Internal Code, Security
    • Labels:
      None
    • Backwards Compatibility:
      Fully Compatible
    • Operating System:
      ALL
    • Backport Requested:
      v4.0
    • Sprint:
      Security 2018-11-05, Security 2018-11-19, Security 2018-12-03

      Description

      The ServerMechanismBase class has isDone method. Comment in the source code of this method say:

       

          /**
           * Returns true if the conversation has completed.
           * Note that this does not mean authentication succeeded!
           * An error may have occurred.
           */
      

      The problem is that if SASL error occurs isDone will never return true because of this code in ServerMechanismBase::step:

       

       

              auto result = stepImpl(opCtx, input);
              if (result.isOK()) {
                  bool isDone;
                  std::string responseMessage;
                  std::tie(isDone, responseMessage) = result.getValue();
                  _done = isDone;
                  return responseMessage;
              }
      

      As you can see _done variable is only assigned if step's result is OK.

       

       

      This bug affects AuthenticationSession's lifecycle management implemented in CmdSaslStart::run and CmdSaslContinue::run methods. In case of authentication error (for example in case of the wrong password) those methods fail to destroy current client's AuthenticationSession instance because mechanism.isDone() returns false.

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                9 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: