Core Server / SERVER-60200

Fix use-after-free in mongoauditdecrypt


Details

    • Type: Task
    • Resolution: Fixed
    • Priority: Major - P3
    • 5.1.0-rc0
    • None
    • None
    • None
    • Fully Compatible
    • Security 2021-10-04
    • 167

    Description

      When the parseAuditHeaderFromJSON() function performs an AuditHeaderOptionsDocument::parse() of the input audit header BSON object fileHeaderBSON, it stores an un-owned BSONObj for the _keyStoreIdentifier member variable. This causes a use-after-free when the owning BSON object goes out of scope at function return, and the resulting AuditHeaderOptionsDocument object's _keyStoreIdentifier is used later in createKeyManagerFromHeader().
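
The lifetime problem described above, modelled as an added C++ example (not MongoDB's code and not the actual fix). ToyObj, Header, parseUnowned and parseOwned are hypothetical names; ToyObj is a simplified stand-in for a buffer view with owned and un-owned states, and a weak_ptr probe reports the dangling state instead of dereferencing freed memory. Taking an owned copy before the local owner is destroyed is the remedy assumed here.

```cpp
// Added illustration, not MongoDB code. ToyObj, Header, parseUnowned and
// parseOwned are hypothetical names modelling an owned/un-owned buffer view.
#include <iostream>
#include <memory>
#include <string>
class ToyObj {
public:
    ToyObj() = default;
    // Owning object: copies the bytes into a reference-counted buffer.
    explicit ToyObj(const std::string& bytes)
        : _owner(std::make_shared<std::string>(bytes)),
          _data(_owner->data()), _size(_owner->size()), _probe(_owner) {}
    // Un-owned view: same pointer, but does not keep the buffer alive.
    ToyObj view() const {
        ToyObj v;
        v._data = _data; v._size = _size; v._probe = _probe;
        return v;
    }
    bool isOwned() const { return _owner != nullptr; }
    // Deep-copies a view into its own buffer; must run while the source lives.
    ToyObj getOwned() const {
        return isOwned() ? *this : ToyObj(std::string(_data, _size));
    }
    // Diagnostic only: the weak_ptr probe stands in for a sanitizer report.
    bool dangling() const { return _probe.expired(); }
    std::string str() const { return dangling() ? "<freed>" : std::string(_data, _size); }
private:
    std::shared_ptr<std::string> _owner;
    const char* _data = nullptr;
    std::size_t _size = 0;
    std::weak_ptr<std::string> _probe;
};
struct Header { ToyObj keyStoreIdentifier; };

// Reported pattern: the parsed field is a view into an object local to the parser.
Header parseUnowned(const std::string& bytes) {
    ToyObj fileHeader(bytes);                 // sole owner, destroyed at return
    return Header{fileHeader.view()};         // field now points at freed memory
}
// Hardened form (assumed fix): take ownership before the owner goes out of scope.
Header parseOwned(const std::string& bytes) {
    ToyObj fileHeader(bytes);
    return Header{fileHeader.view().getOwned()};
}

int main() {
    std::cout << parseUnowned("constructed-key-id").keyStoreIdentifier.str() << "\n";
    std::cout << parseOwned("constructed-key-id").keyStoreIdentifier.str() << "\n";
}
```

Building the real tool with AddressSanitizer is the usual way to surface this class of bug, since the un-owned pointer often still reads plausible bytes after the free.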

       

          People

            erwin.pe@mongodb.com Erwin Pe