Synchronize access to ImpersonatedUserMetadata in OperationContext.

XMLWordPrintableJSON

    • Type: Bug
    • Resolution: Fixed
    • Priority: Major - P3
    • 5.3.0, 4.2.19, 4.4.13, 5.0.7
    • Affects Version/s: None
    • Component/s: None
    • None
    • Fully Compatible
    • ALL
    • v5.0, v4.4, v4.2
    • Security 2022-01-24
    • 156
    • None
    • 3
    • None
    • None
    • None
    • None
    • None
    • None

      There is a race condition between "$currentOp" and request threads for the ImpersonatedUserMetadata in OperationContext. To prevent this, ImpersonatedUserMetadata needs to be guarded with synchronization.

      ImpersonatedUserMetadata is a decoration on the OperationContext. It read/written to by the thread that owns the thread. It is read by the $currentOp thread while the $currentOp thread owns the client lock. Access to it could be guarded with the Client lock or a dedicated mutex.

            Assignee:
            Gabriel Marks
            Reporter:
            Mark Benvenuto
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: