[CDRIVER-4699] Memory leak in scram authentication upon connection retry Created: 26/Jul/23  Updated: 28/Oct/23  Resolved: 28/Jul/23

Status: Closed
Project: C Driver
Component/s: Authentication
Affects Version/s: 1.24.2
Fix Version/s: 1.24.3

Type: Bug Priority: Unknown
Reporter: Mandeep Singh Assignee: Kevin Albertson
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: Text File mongoc-vld-leak-call-stack-1.txt    

 Description   

Summary

When a mongo client is created with connection string having an invalid port, and with serverSelectionTryOnce=false. The string scram->auth_message is overwritten during the retry attempt and it leads to memory leak.

This was detected using Visual Leak Detector.

Environment

C driver version 1.23.2

Windows 10 64-bit x86

Compiled the C driver with VS2022 which is probably not a support VS version but the issue should be reproducible with lower versions of VS too.

#define MONGOC_ENABLE_CRYPTO 1

All settings are default settings while compiling the driver.

A MongoDB server is not required to see the memory leak.

How to Reproduce

An example code to reproduce this issue is given after the steps

  1. Create a mongo client with connection string having login details of a user to be authenticated with SCRAM 256. The connection string should have serverSelectionTryOnce=false, and should have a port on which no server is running so that the mongoc would retry connection.
  2. Run a simple ping command using mongoc_client_command_simple()
  3. Observe that the string scram->auth_message is overwritten during the retry without being freed up first.

mongoc_client_t* test_client = mongoc_client_new("mongodb://userName:userPwd@validHostname:invalidPort/DbName?serverSelectionTryOnce=false");
bson_t reply, *command = BCON_NEW("ping", BCON_INT32(1));
bool retval = mongoc_client_command_simple(client, "admin", command, NULL, &reply, &error);

Additional Background

Please see Visual Leak Detector call stack in the attached text file.



 Comments   
Comment by Githook User [ 28/Jul/23 ]

Author:

{'name': 'Kevin Albertson', 'email': 'kevin.albertson@mongodb.com', 'username': 'kevinAlbs'}

Message: CDRIVER-4699 fix leak on repeated attempts to authenticate (#1364)

  • Call `_mongoc_scram_destroy` when resetting auth state
  • only call if `MONGOC_ENABLE_CRYPTO` is defined

`_mongoc_scram_destroy` is conditionally defined. If `MONGOC_ENABLE_CRYPTO` is not defined, scram auth is not supported.
Branch: r1.24
https://github.com/mongodb/mongo-c-driver/commit/be4008a815b723a33c92bce0c124934fe708c441

Comment by Githook User [ 28/Jul/23 ]

Author:

{'name': 'Kevin Albertson', 'email': 'kevin.albertson@mongodb.com', 'username': 'kevinAlbs'}

Message: CDRIVER-4699 fix leak on repeated attempts to authenticate (#1364)

  • Call `_mongoc_scram_destroy` when resetting auth state
  • only call if `MONGOC_ENABLE_CRYPTO` is defined

`_mongoc_scram_destroy` is conditionally defined. If `MONGOC_ENABLE_CRYPTO` is not defined, scram auth is not supported.
Branch: master
https://github.com/mongodb/mongo-c-driver/commit/dcb0b7f389ed315f39f4b976707678fcebed849e

Comment by PM Bot [ 26/Jul/23 ]

Hi mandeepx81@yahoo.co.in, thank you for reporting this issue! The team will look into it and get back to you soon.

Generated at Wed Feb 07 21:21:40 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.