Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 5.3.0, 4.2.19, 4.4.13, 5.0.7
Affects Version/s: None
Component/s: None
Labels:
None

Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Backport Requested:

v5.0, v4.4, v4.2
Sprint:
Security 2022-01-24
Linked BF Score:
156
Confidence Status:
None
Work Order:
3

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name:
None
Goal Link:
None

There is a race condition between "$currentOp" and request threads for the ImpersonatedUserMetadata in OperationContext. To prevent this, ImpersonatedUserMetadata needs to be guarded with synchronization.

ImpersonatedUserMetadata is a decoration on the OperationContext. It read/written to by the thread that owns the thread. It is read by the $currentOp thread while the $currentOp thread owns the client lock. Access to it could be guarded with the Client lock or a dedicated mutex.

Assignee:: Gabriel Marks
Reporter:: Mark Benvenuto
Participants:: Gabriel Marks, Githook User, Mark Benvenuto
Votes:: 0 Vote for this issue
Watchers:: 2 Start watching this issue

Created:: Jan 14 2022 06:49:12 PM UTC
Updated:: Oct 29 2023 09:44:04 PM UTC
Resolved:: Jan 21 2022 08:34:31 PM UTC
Confidence Status Last Update:: 21/Jan/22 7:39 PM

Details

Description

Attachments

Activity

People

Dates