[CDRIVER-1316] Copy strings referred by mongoc_ssl_opts_t Created: 04/Jun/16  Updated: 07/Apr/17  Resolved: 08/Jun/16

Status: Closed
Project: C Driver
Component/s: libmongoc, tls
Affects Version/s: None
Fix Version/s: 1.4.0

Type: Improvement Priority: Major - P3
Reporter: A. Jesse Jiryu Davis Assignee: Ian Boros
Resolution: Done Votes: 0
Labels: intern2016
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
is related to CDRIVER-1209 _mongoc_cluster_auth_node_x509 segfau... Closed
is related to PHPC-677 Keep mongo_ssl_opt_t.pem_file valid f... Closed

 Description   

As reported by acm here:

https://github.com/mongodb/mongo-cxx-driver/pull/490

... it's surprising and dangerous that mongoc_client_set_ssl_opts and mongoc_client_pool_set_ssl_opts copy only the options struct, and not also the strings to which it refers.



 Comments   
Comment by Githook User [ 07/Apr/17 ]

Author:

{u'username': u'ajdavis', u'name': u'A. Jesse Jiryu Davis', u'email': u'jesse@mongodb.com'}

Message: Merge remote-tracking branch 'upstream/master'

Comment by Githook User [ 07/Apr/17 ]

Author:

{u'username': u'bjori', u'name': u'Hannes Magnusson', u'email': u'bjori@php.net'}

Message: CDRIVER-2121 Update set_ssl_opts since CDRIVER-1316
Branch: master
https://github.com/mongodb/mongo-c-driver/commit/0f53bcffe6bd04d680ef37d74dab7c0c5b1080db

Comment by Githook User [ 09/Jun/16 ]

Author:

{u'username': u'puppyofkosh', u'name': u'puppyofkosh', u'email': u'puppyofkosh@gmail.com'}

Message: CDRIVER-1316 Fixed ENABLE_SSL compile issue (#331)
Branch: master
https://github.com/mongodb/mongo-c-driver/commit/08ae3dd43ac49f30114345497db07588f3369fe6

Comment by A. Jesse Jiryu Davis [ 08/Jun/16 ]

No backport; I'm hoping not to do 1.3.6 at all, and if it is it'll be for incendiary bugs only.

Comment by Hannes Magnusson [ 08/Jun/16 ]

That doesn't sound like a good idea at all.

These are no longer consts, and I worry about the case where people use (or just read the docs for) the latest version of the driver, and then deploy on 1.3.5, and kaboom.

Unless the docs are clearly updated with backwards and future compatible example, I don't think we should merge this to 1.3

Comment by Andrew Morrow (Inactive) [ 08/Jun/16 ]

Will this get backported to the 1.3 release? I don't need it to be as I've worked around the issue for now, but per the comment in https://github.com/mongodb/mongo-cxx-driver/pull/490 it sounds ilke it could be?

Comment by Githook User [ 08/Jun/16 ]

Author:

{u'username': u'ajdavis', u'name': u'A. Jesse Jiryu Davis', u'email': u'jesse@emptysquare.net'}

Message: Merge pull request #329 from puppyofkosh/CDRIVER-1316

CDRIVER-1316: copy strings from mongoc_ssl_opt_t
Branch: master
https://github.com/mongodb/mongo-c-driver/commit/6cbb6c06fca1c1bcd4b6cdd9ee7b9f47419854f4

Comment by Githook User [ 08/Jun/16 ]

Author:

{u'username': u'ajdavis', u'name': u'A. Jesse Jiryu Davis', u'email': u'jesse@emptysquare.net'}

Message: Merge pull request #329 from puppyofkosh/CDRIVER-1316

CDRIVER-1316: copy strings from mongoc_ssl_opt_t
Branch: master
https://github.com/mongodb/mongo-c-driver/commit/6cbb6c06fca1c1bcd4b6cdd9ee7b9f47419854f4

Comment by Githook User [ 08/Jun/16 ]

Author:

{u'name': u'ian boros', u'email': u'iboros@MacBook-Pro-57.local'}

Message: CDRIVER-1316: copy strings from mongoc_ssl_opt_t
Branch: master
https://github.com/mongodb/mongo-c-driver/commit/15c95548259e31b5cf4adc84d1f761e48e2bccc7

Comment by A. Jesse Jiryu Davis [ 06/Jun/16 ]

Help users not segfault their process if they pass a temporary string as part of the driver's SSL configuration.

Generated at Wed Feb 07 21:12:08 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.