[CDRIVER-3488] Use-after-free after popping a session from a client that has been reset Created: 16/Jan/20  Updated: 28/Oct/23  Resolved: 16/Jan/20

Status: Closed
Project: C Driver
Component/s: None
Affects Version/s: 1.15.3
Fix Version/s: 1.16.0

Type: Bug Priority: Major - P3
Reporter: Kevin Albertson Assignee: Kevin Albertson
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   

Situation:

  • mongoc_client_reset is called on a mongoc_client_t
  • an operation is then performed on that client which requires popping a session from the session pool; this covers most operations against a 3.6+ server.

Since _mongoc_topology_clear_session_pool destroys the pooled sessions but does not NULL out topology->session_pool, the list head is left pointing at freed memory. The next attempt to pop a session dereferences that stale head, a use-after-free when accessing topology->session_pool.
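The pattern in the description, as an added example that is not libmongoc code: a hypothetical, simplified topology with a singly-linked pool of idle sessions, a buggy reset that destroys every pooled session but leaves the head pointer dangling, and a fixed reset that also NULLs the head. Sessions come from a small static slab with a `freed` poison flag instead of malloc/free, so the stale read after reset is detected and reported as a status code rather than being undefined behaviour (with a real heap, AddressSanitizer would report heap-use-after-free at the same point). All type and function names are assumptions for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_SESSIONS 8

/* Hypothetical server session: an id and an intrusive list link.
 * `freed` stands in for a quarantined heap chunk; a real free() would
 * make any later read undefined. */
typedef struct session {
    int id;
    bool freed;
    struct session *next;
} session_t;

/* Hypothetical, simplified topology: a singly-linked pool of idle sessions. */
typedef struct {
    session_t *session_pool;   /* head of the idle list, NULL when empty */
    int next_id;
} topology_t;

enum pop_status { POP_REUSED = 0, POP_CREATED = 1, POP_UAF = -1 };

/* Instrumented allocator: a static slab, so "freed" memory stays inspectable. */
static session_t slab[MAX_SESSIONS];
static int slab_used;

static session_t *session_new(topology_t *t) {
    if (slab_used >= MAX_SESSIONS) return NULL;
    session_t *s = &slab[slab_used++];
    s->id = t->next_id++;
    s->freed = false;
    s->next = NULL;
    return s;
}

static void session_destroy(session_t *s) {
    s->freed = true;   /* poison instead of free(): keeps the stale read detectable */
}

/* Return an idle session to the pool (push on the head). */
static void push_session(topology_t *t, session_t *s) {
    s->next = t->session_pool;
    t->session_pool = s;
}

/* Buggy reset, modelled on the ticket: every pooled session is destroyed,
 * but the list head is left pointing at the first destroyed node. */
static void clear_session_pool_buggy(topology_t *t) {
    session_t *s = t->session_pool;
    while (s) {
        session_t *next = s->next;   /* read the link before destroying the node */
        session_destroy(s);
        s = next;
    }
}

/* Fixed reset: the same loop plus the step the ticket names as missing. */
static void clear_session_pool_fixed(topology_t *t) {
    clear_session_pool_buggy(t);
    t->session_pool = NULL;
}

/* Pop a session for an operation: reuse the head if there is one, otherwise
 * create a fresh session. The `freed` check models the sanitizer trap;
 * without it the dangling head would simply be handed out. */
static enum pop_status pop_session(topology_t *t, session_t **out) {
    session_t *s = t->session_pool;
    if (s) {
        if (s->freed) {
            *out = NULL;
            return POP_UAF;
        }
        t->session_pool = s->next;
        s->next = NULL;
        *out = s;
        return POP_REUSED;
    }
    *out = session_new(t);
    return POP_CREATED;
}

/* The ticket's sequence: two sessions are checked in, the client is reset,
 * then an operation pops a session. Returns the status of that pop. */
static enum pop_status run_reset_then_pop(bool with_fix) {
    topology_t t = { NULL, 1 };
    session_t *got = NULL;
    slab_used = 0;
    push_session(&t, session_new(&t));
    push_session(&t, session_new(&t));
    if (with_fix) clear_session_pool_fixed(&t);
    else          clear_session_pool_buggy(&t);
    return pop_session(&t, &got);
}

int main(void) {
    printf("buggy reset then pop: %s\n",
           run_reset_then_pop(false) == POP_UAF ? "stale head used (use-after-free)" : "ok");
    printf("fixed reset then pop: %s\n",
           run_reset_then_pop(true) == POP_CREATED ? "fresh session created" : "unexpected");
    return 0;
}
```

The check to carry over to any pool-clearing routine is the one in `clear_session_pool_fixed`: the owner's head pointer is part of the pool's state and must be reset in the same place the nodes are destroyed, otherwise every later consumer has to know the list was torn down.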



 Comments   
Comment by Githook User [ 16/Jan/20 ]

Author: Kevin Albertson <kevin.albertson@mongodb.com> (kevinAlbs)

Message: CDRIVER-3488 NULL session pool on reset
Branch: master
https://github.com/mongodb/mongo-c-driver/commit/d062432e86a9d34e734b60e27cfd8b1cd3c736f2

Generated at Wed Feb 07 21:18:11 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.