Core Server / SERVER-77502

LDAP connection pool may use dangling reference to bind options after timeout

    • Type: Bug
    • Resolution: Duplicate
    • Priority: Major - P3
    • None
    • Affects Version/s: None
    • Component/s: None
    • Labels:
    • Server Security
    • ALL

      The LDAP connection pool enforces timeouts by setting an alarm on one thread, performing the bind on another, and having them race against each other to set the return value to the caller. If the alarm wins the race, then the caller receives a timeout error from the alarm thread, unblocks, and propagates the error. However, the thread performing the bind continues working asynchronously, and it receives the bind options from the caller by reference. As a result, the server may see undefined behavior from the system LDAP library accessing the bind options after the timeout.

      The server should strictly scope the lifetime of the bind options such that they remain in scope as long as any active connection in the pool is still consuming them, irrespective of whether or not the connection has been timed out.
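
An added illustration of the lifetime rule described above, not code from the MongoDB server: the bind worker takes shared ownership of the options, so a caller that times out cannot free them while the bind is still running. `BindOptions`, `BindAttempt` and `bindWithTimeout` are hypothetical names, a sleep stands in for the system LDAP library's bind call, and the alarm thread is simplified to a timed wait.

```cpp
#include <chrono>
#include <future>
#include <memory>
#include <string>
#include <thread>

using namespace std::chrono_literals;

// Hypothetical stand-in for the options handed to the system LDAP library.
struct BindOptions {
    std::string bindDN;
    std::string password;
};

struct BindAttempt {
    bool timedOut;                                     // what the caller is told
    std::future<std::string> workerSawDN;              // what the bind thread read
    std::weak_ptr<const BindOptions> optionsLifetime;  // expires once options are freed
};

// The worker captures the shared_ptr by value rather than a reference to the
// caller's options, so the options outlive a caller that has already timed out.
BindAttempt bindWithTimeout(std::shared_ptr<const BindOptions> opts,
                            std::chrono::milliseconds bindLatency,
                            std::chrono::milliseconds timeout) {
    std::promise<std::string> seen;
    BindAttempt attempt{false, seen.get_future(), opts};

    std::thread([opts, bindLatency, seen = std::move(seen)]() mutable {
        std::this_thread::sleep_for(bindLatency);  // simulated slow bind
        seen.set_value(opts->bindDN);              // safe: this thread co-owns opts
    }).detach();

    // Simplified alarm: give up waiting after `timeout`, but leave the worker running.
    attempt.timedOut =
        attempt.workerSawDN.wait_for(timeout) == std::future_status::timeout;
    return attempt;  // the caller's reference is dropped here; the worker's is not
}

int main() {
    // Constructed sample values; the bind takes longer than the timeout allows.
    BindAttempt a = bindWithTimeout(
        std::make_shared<BindOptions>(BindOptions{"cn=svc,dc=example", "constructed"}),
        300ms, 20ms);
    std::string dn = a.workerSawDN.get();  // the worker finishes after the timeout
    return (a.timedOut && dn == "cn=svc,dc=example") ? 0 : 1;
}
```

Had the lambda captured a reference to a `BindOptions` on the caller's stack instead, the read of `opts->bindDN` after the timeout would be the use-after-scope this ticket describes.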

            backlog-server-security [DO NOT USE] Backlog - Security Team
            varun.ravichandran@mongodb.com Varun Ravichandran