Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Fixed
Priority: Critical - P2
Fix Version/s: 6.0.0-rc0
Affects Version/s: 5.3.0-rc4
Component/s: Field Level Encryption
Labels:
- csfle
Environment:
Linux (ubuntu2004 and rhel80), possibly others. Affects at least 5.3.0-rc4 and mongo_csfle_v1-6.0.0-alpha-763-g89c2fbc (current master).

Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Backport Requested:

v5.3
Steps To Reproduce:
Hide

The following steps will (at least on Linux) lead to a crash:

Load mongo_csfle_v1.so

Call mongo_csfle_v1_lib_create()

Call exit() (or return from main()).

Small repro program (with attached valgrind output): https://gist.github.com/addaleax/993e80036cf54231f7d65a037e818de6
Show
The following steps will (at least on Linux) lead to a crash: Load mongo_csfle_v1.so Call mongo_csfle_v1_lib_create() Call exit() (or return from main() ). Small repro program (with attached valgrind output): https://gist.github.com/addaleax/993e80036cf54231f7d65a037e818de6
Sprint:
Security 2022-04-04

The CSFLE shared library runs into the flipside of the static initialization order fiasco when it is active (i.e. a mongo_csfle_v1_lib exists) while the process shuts down.

In particular, this line:

https://github.com/10gen/mongo-enterprise-modules/blob/abe14843df06c8deb4d2ee0e9efade9bbec704ef/src/fle/lib/mongo_csfle.cpp#L293

leads to a call to mongo::runGlobalDeinitializers(), which fails because the global singleton ConstructorActionList has already been destroyed, and consequently to memory corruption which crashes the process with SIGABRT/SIGSEGV.

Assignee:: Sergey Galtsev (Inactive)

Reporter:: Anna Henningsen

Participants:: Ana Meza, Anna Henningsen, Githook User, Sergey Galtsev

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Created:: Mar 24 2022 10:28:30 AM UTC

Updated:: Oct 29 2023 09:40:38 PM UTC

Resolved:: Mar 31 2022 03:18:32 PM UTC

Details

Description

Attachments

Activity

People

Dates