  1. Core Server
  2. SERVER-46630

RemoveSaver writes GCM tag to incorrect file position


Details

    • Bug
    • Status: Closed
    • Major - P3
    • Resolution: Fixed
    • None
    • 4.2.5, 4.0.17, 4.4.0-rc0, 4.7.0
    • None
    • None
    • Fully Compatible
    • ALL
    • v4.4, v4.2, v4.0, v3.6
    • Security 2020-03-09, Security 2020-03-23

    Description

      In https://github.com/mongodb/mongo/blob/82424b742342d4b35cf10eb9d471984d1e805210/src/mongo/db/storage/remove_saver.cpp#L123 the output file pointer is reset to 0 to write the calculated GCM tag after the file has been encrypted.

      Unfortunately, the tag should appear at offset 1. Writing the tag here will prevent easy decryption as the contents will appear to contain an invalid version, and the tag will be invalid.

      Note that incorrectly written saver files may still be recovered by moving the tag bytes forward by one, and writing a zero to the version byte.

      A fix should include creating a protector API for requesting tag offset (rather than hardcoding to 1) and moving the write as a whole behind a check for tag size (if it's zero, then there's no tag to write, e.g. CBC mode).
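      The recovery step and the tag-size guard described above, as an added example (not MongoDB's code and not part of the original report). It models the file as a version byte followed by the tag and ciphertext; the tag length is a caller-supplied assumption because the ticket does not state it, and `writeTag`, `versionLooksInvalid`, `repairMisplacedTag` and the sample bytes are constructed for illustration.

```cpp
// Added illustration, not MongoDB source. Layout from the ticket:
// [version byte = 0][GCM tag][ciphertext]. Tag length is a caller-supplied assumption.
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <stdexcept>
#include <vector>

using Bytes = std::vector<std::uint8_t>;
constexpr std::size_t kTagOffset = 1;  // the tag follows the one-byte version field

// Fill the reserved header space with the final tag. An empty tag (e.g. CBC
// mode) means there is nothing to write, so the file is left untouched.
void writeTag(Bytes& file, const Bytes& tag, std::size_t offset) {
    if (tag.empty()) return;
    if (offset + tag.size() > file.size()) throw std::out_of_range("file too short for tag");
    std::copy(tag.begin(), tag.end(), file.begin() + static_cast<std::ptrdiff_t>(offset));
}

// A tag written at offset 0 clobbers the version byte, so a non-zero first byte
// is the visible symptom. A zero first byte proves nothing: the tag may start with 0.
bool versionLooksInvalid(const Bytes& file) { return !file.empty() && file[0] != 0; }

// Recovery from the ticket: move the tag forward by one byte, zero the version.
// Returns a repaired copy; the caller confirms it by decrypting and checking the tag.
Bytes repairMisplacedTag(const Bytes& damaged, std::size_t tagLen) {
    if (tagLen == 0 || damaged.size() < kTagOffset + tagLen)
        throw std::invalid_argument("tag length does not fit this file");
    Bytes fixed = damaged;
    std::copy(damaged.begin(), damaged.begin() + static_cast<std::ptrdiff_t>(tagLen),
              fixed.begin() + static_cast<std::ptrdiff_t>(kTagOffset));
    fixed[0] = 0;
    return fixed;
}

int main() {
    const Bytes tag = {0xA1, 0xB2, 0xC3, 0xD4};          // constructed, shortened tag
    Bytes reserved = {0, 0, 0, 0, 0, 0x10, 0x20, 0x30};  // constructed: header + ciphertext
    Bytes good = reserved, bad = reserved;
    writeTag(good, tag, kTagOffset);  // intended position
    writeTag(bad, tag, 0);            // position described in the bug
    const Bytes fixed = repairMisplacedTag(bad, tag.size());
    std::cout << "invalid version seen: " << versionLooksInvalid(bad)
              << ", repaired matches intended: " << (fixed == good) << "\n";
    return fixed == good ? 0 : 1;
}
```

      The repair works on a copy so the damaged file stays available if the assumed tag length turns out to be wrong.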


          People

            sara.golemon@mongodb.com Sara Golemon
            sara.golemon@mongodb.com Sara Golemon