Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-77299

Pooled LDAP connections may reference out-of-scope memory after timeout

    XMLWordPrintableJSON

Details

    • Server Security
    • Fully Compatible
    • ALL
    • v7.0, v6.0, v5.0, v4.4
    • Security 2023-06-12, Security 2023-06-26, Security 2023-07-10, Security 2023-07-24

    Description

      WrappedConnection::bindAsUser invokes an underlying LDAP connection's bindAsUser method, by is scheduling a lambda onto an executor which calls the method, and waiting for the resolution of a result future. This future might be resolved by successful conclusion of the lambda, or by a timeout alarm.

      Unfortunately, it is possible for the timeout to elapse and for WrappedConnection::bindAsUser to return with a not-OK Status before the lambda completes its execution. This means that reference captured variables used by the lambda might fall out of scope while they are being used.

      Attachments

        Activity

          People

            varun.ravichandran@mongodb.com Varun Ravichandran
            spencer.jackson@mongodb.com Spencer Jackson
            Votes:
            1 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: