Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-77502

LDAP connection pool may use dangling reference to bind options after timeout

    • Type: Icon: Bug Bug
    • Resolution: Duplicate
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: None
    • Component/s: None
    • Labels:
      None
    • Server Security
    • ALL

      The LDAP connection pool enforces timeouts by setting an alarm on one thread, performing the bind on another, and having them race against each other to set the return value to the caller. If the alarm wins the race, then the caller receives a timeout error from the alarm thread, unblocks, and propagates the error. However, the thread performing the bind continues working asynchronously, and it receives the bind options from the caller by reference. As a result, the server may see undefined behavior from the system LDAP library accessing the bind options after the timeout.

      The server should strictly scope the lifetime of the bind options such that they remain in scope as long as any active connection in the pool is still consuming them, irrespective of whether or not the connection has been timed out.

            Assignee:
            backlog-server-security Backlog - Security Team
            Reporter:
            varun.ravichandran@mongodb.com Varun Ravichandran
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved:

                Error rendering 'slack.nextup.jira:slack-integration-plus'. Please contact your Jira administrators.