Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-77299

Pooled LDAP connections may reference out-of-scope memory after timeout

    • Server Security
    • Fully Compatible
    • ALL
    • v7.0, v6.0, v5.0, v4.4
    • Security 2023-06-12, Security 2023-06-26, Security 2023-07-10, Security 2023-07-24

      WrappedConnection::bindAsUser invokes an underlying LDAP connection's bindAsUser method, by is scheduling a lambda onto an executor which calls the method, and waiting for the resolution of a result future. This future might be resolved by successful conclusion of the lambda, or by a timeout alarm.

      Unfortunately, it is possible for the timeout to elapse and for WrappedConnection::bindAsUser to return with a not-OK Status before the lambda completes its execution. This means that reference captured variables used by the lambda might fall out of scope while they are being used.

            varun.ravichandran@mongodb.com Varun Ravichandran
            spencer.jackson@mongodb.com Spencer Jackson
            1 Vote for this issue
            6 Start watching this issue