Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-50180

Fix User lifetime management in AuthorizationManager::acquireUserForSessionRefresh

    • Type: Icon: Bug Bug
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 3.6.20, 4.0.21
    • Affects Version/s: None
    • Component/s: None
    • None
    • Fully Compatible
    • ALL
    • v3.6
    • Security 2020-08-24
    • 15

      In 3.6 and 4.0, a User object may be leaked in AuthorizationManager::acquireUserForSessionRefresh if an error condition block is taken.

      The User object's ref count must be decremented in this error block.

      The affected code is only in 3.6 and 4.0. It was rewritten in 4.2.

            Assignee:
            mark.benvenuto@mongodb.com Mark Benvenuto
            Reporter:
            mark.benvenuto@mongodb.com Mark Benvenuto
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: