Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-50180

Fix User lifetime management in AuthorizationManager::acquireUserForSessionRefresh

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Major - P3
    • Resolution: Fixed
    • None
    • 3.6.20, 4.0.21
    • None
    • None
    • Fully Compatible
    • ALL
    • v3.6
    • Security 2020-08-24
    • 15

    Description

      In 3.6 and 4.0, a User object may be leaked in AuthorizationManager::acquireUserForSessionRefresh if an error condition block is taken.

      The User object's ref count must be decremented in this error block.

      The affected code is only in 3.6 and 4.0. It was rewritten in 4.2.

      Attachments

        Activity

          People

            mark.benvenuto@mongodb.com Mark Benvenuto
            mark.benvenuto@mongodb.com Mark Benvenuto
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: