Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 7.1.0-rc0, 7.0.0-rc8, 4.4.24, 5.0.20, 6.0.9
Affects Version/s: None
Component/s: None
Labels:
None

Assigned Teams:

Server Security
Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Backport Requested:

v7.0, v6.0, v5.0, v4.4
Sprint:
Security 2023-06-12, Security 2023-06-26, Security 2023-07-10, Security 2023-07-24
Case:
Confidence Status:
None
Work Order:
3
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

WrappedConnection::bindAsUser invokes an underlying LDAP connection's bindAsUser method, by is scheduling a lambda onto an executor which calls the method, and waiting for the resolution of a result future. This future might be resolved by successful conclusion of the lambda, or by a timeout alarm.

Unfortunately, it is possible for the timeout to elapse and for WrappedConnection::bindAsUser to return with a not-OK Status before the lambda completes its execution. This means that reference captured variables used by the lambda might fall out of scope while they are being used.

is duplicated by

SERVER-77502 LDAP connection pool may use dangling reference to bind options after timeout

Closed

SERVER-75153 Log LDAP disconnect leaks and limit copying of LDAP bind options

Closed

is related to

SERVER-77962 Investigate automated injection of faults/delays into promise completion

Open

Assignee:: Varun Ravichandran
Reporter:: Spencer Jackson
Participants:: Spencer Jackson, Varun Ravichandran
Votes:: 1 Vote for this issue
Watchers:: 6 Start watching this issue

Created:: May 18 2023 09:18:04 PM UTC
Updated:: Oct 29 2023 09:21:13 PM UTC
Resolved:: Jul 17 2023 02:20:17 PM UTC
Confidence Status Last Update:: 28/Jun/23 6:50 PM

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates