Core Server / SERVER-46630

RemoveSaver writes GCM tag to incorrect file position

    • Type: Bug
    • Resolution: Fixed
    • Priority: Major - P3
    • 4.2.5, 4.0.17, 4.4.0-rc0, 4.7.0
    • Affects Version/s: None
    • Component/s: None
    • Labels:
    • Fully Compatible
    • ALL
    • v4.4, v4.2, v4.0, v3.6
    • Security 2020-03-09, Security 2020-03-23

      In https://github.com/mongodb/mongo/blob/82424b742342d4b35cf10eb9d471984d1e805210/src/mongo/db/storage/remove_saver.cpp#L123 the output file pointer is reset to 0 to write the calculated GCM tag after the file has been encrypted.

      Unfortunately, the tag should appear at offset 1. Writing the tag here will prevent easy decryption as the contents will appear to contain an invalid version, and the tag will be invalid.

      Note that incorrectly written saver files may still be recovered by moving the tag bytes forward by one, and writing a zero to the version byte.

      A fix should include creating a protector API for requesting tag offset (rather than hardcoding to 1) and moving the write as a whole behind a check for tag size (if it's zero, then there's no tag to write, e.g. CBC mode).

            sara.golemon@mongodb.com Sara Golemon
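The recovery step described in the issue (move the tag bytes forward by one and write a zero version byte), as an added example that is not MongoDB's code or the reporter's. `TAG_LEN`, the function names, the `.orig` backup suffix and the zero-filled placeholder in the test helper are assumptions made for illustration; the offsets and the zero version byte come from the issue text.

```python
import os
import shutil

VERSION_OFFSET = 0     # per the issue: the version byte is the first byte
TAG_OFFSET = 1         # per the issue: the GCM tag belongs at offset 1
EXPECTED_VERSION = 0   # per the issue: recovery writes a zero version byte
TAG_LEN = 12           # ASSUMPTION: tag length in bytes; confirm for your build


def repair_header(data: bytes, tag_len: int = TAG_LEN, force: bool = False) -> bytes:
    """Return data with the misplaced tag moved from offset 0 to offset 1."""
    if tag_len <= 0:
        raise ValueError("no tag to move (tag size zero, e.g. CBC mode)")
    if len(data) < TAG_OFFSET + tag_len:
        raise ValueError("file is shorter than version byte plus tag")
    # A zero first byte usually means the header is already laid out correctly.
    # It can also be a misplaced tag that starts with 0x00, so allow an override.
    if data[VERSION_OFFSET] == EXPECTED_VERSION and not force:
        raise ValueError("version byte is already zero; pass force=True to shift anyway")
    misplaced_tag = data[:tag_len]
    # The byte at index tag_len is the unwritten tail of the reserved tag slot;
    # it is overwritten by the last tag byte. Everything after the slot is kept.
    return bytes([EXPECTED_VERSION]) + misplaced_tag + data[TAG_OFFSET + tag_len:]


def repair_file(path: str, tag_len: int = TAG_LEN, force: bool = False) -> str:
    """Repair path in place, keeping the untouched original as path + '.orig'."""
    with open(path, "rb") as f:
        fixed = repair_header(f.read(), tag_len, force)
    backup = path + ".orig"
    shutil.copy2(path, backup)
    tmp = path + ".tmp"
    with open(tmp, "wb") as f:
        f.write(fixed)
        f.flush()
        os.fsync(f.fileno())
    os.replace(tmp, path)  # atomic swap so a crash never leaves a half-written file
    return backup


def simulate_buggy_write(correct: bytes, tag_len: int = TAG_LEN) -> bytes:
    """Constructed test helper: same bytes, but with the tag written at offset 0."""
    tag = correct[TAG_OFFSET:TAG_OFFSET + tag_len]
    # ASSUMPTION: the reserved header slot is zero-filled before the tag is written.
    return tag + b"\x00" + correct[TAG_OFFSET + tag_len:]
```

A repaired header only restores the layout; successful GCM tag verification during decryption is what confirms the file was recovered correctly.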