Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-62668

Synchronize access to ImpersonatedUserMetadata in OperationContext.

    • Type: Icon: Bug Bug
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 5.3.0, 4.2.19, 4.4.13, 5.0.7
    • Affects Version/s: None
    • Component/s: None
    • None
    • Fully Compatible
    • ALL
    • v5.0, v4.4, v4.2
    • Security 2022-01-24
    • 156

      There is a race condition between "$currentOp" and request threads for the ImpersonatedUserMetadata in OperationContext. To prevent this, ImpersonatedUserMetadata needs to be guarded with synchronization.

      ImpersonatedUserMetadata is a decoration on the OperationContext. It read/written to by the thread that owns the thread. It is read by the $currentOp thread while the $currentOp thread owns the client lock. Access to it could be guarded with the Client lock or a dedicated mutex.

            Assignee:
            gabriel.marks@mongodb.com Gabriel Marks
            Reporter:
            mark.benvenuto@mongodb.com Mark Benvenuto
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: