[MONGOCRYPT-243] libmongocrypt segfaults if a handle is used without init being called on it Created: 31/Jan/20  Updated: 30/Mar/22

Status: Backlog
Project: Libmongocrypt
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Oleg Pudeyev (Inactive) Assignee: Unassigned
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Cloners
clones MONGOCRYPT-242 libmongocrypt aborts when mongocrypt_... Backlog
Related
related to MONGOCRYPT-241 libmongocrypt uses asserts and termin... Backlog

Description

The program at https://github.com/p-mongo/tests/blob/master/lmc-empty-bson/test-handle-not-inited.c calls mongocrypt_new and then, without calling mongocrypt_init, it calls mongocrypt_ctx_new and mongocrypt_ctx_decrypt_init. This results in a segfault on my system:

speed% ./test-handle-not-inited
zsh: segmentation fault  ./test-handle-not-inited

For reasons described in https://jira.mongodb.org/browse/MONGOCRYPT-241, libmongocrypt segfaulting makes the errors (even if they are originating in libmongocrypt consumers rather than libmongocrypt itself) difficult to debug, and potentially can produce DoS on applications.

I believe libmongocrypt should be performing more runtime checks on its data structures, such that it can fail with ordinary errors in cases of misuse rather than cause termination of the process into which it is loaded.
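As an added illustration of the runtime checks the report asks for (example code written here, not libmongocrypt's own; every name is hypothetical), a handle that records whether init was called and makes context creation fail with an ordinary error instead of crashing:

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of a crypt handle with a tracked lifecycle state.
   Not libmongocrypt code: names are invented for illustration. */
typedef enum { CRYPT_STATE_NEW = 1, CRYPT_STATE_INITED } crypt_state_t;

typedef struct {
    crypt_state_t state;
    char err[128];      /* last error message, empty string when none */
} crypt_handle_t;

typedef struct { crypt_handle_t *parent; } crypt_ctx_t;

static void set_err(crypt_handle_t *h, const char *msg) {
    strncpy(h->err, msg, sizeof h->err - 1);
    h->err[sizeof h->err - 1] = '\0';
}

crypt_handle_t *crypt_new(void) {
    crypt_handle_t *h = calloc(1, sizeof *h);
    if (h) h->state = CRYPT_STATE_NEW;
    return h;
}

/* Succeeds exactly once, from the NEW state; a second call is an error. */
bool crypt_init(crypt_handle_t *h) {
    if (!h) return false;
    if (h->state != CRYPT_STATE_NEW) { set_err(h, "init already called"); return false; }
    h->state = CRYPT_STATE_INITED;
    return true;
}

/* Refuses to hand out a context unless the parent was initialized, so the
   misuse in the report yields NULL plus a message rather than a segfault. */
crypt_ctx_t *crypt_ctx_new(crypt_handle_t *h) {
    if (!h) return NULL;
    if (h->state != CRYPT_STATE_INITED) {
        set_err(h, "crypt_ctx_new: handle not initialized, call crypt_init first");
        return NULL;
    }
    crypt_ctx_t *ctx = calloc(1, sizeof *ctx);
    if (ctx) ctx->parent = h;
    return ctx;
}

const char *crypt_last_error(const crypt_handle_t *h) { return h ? h->err : "null handle"; }
void crypt_ctx_destroy(crypt_ctx_t *ctx) { free(ctx); }
void crypt_destroy(crypt_handle_t *h) { free(h); }
```

The same state check would guard every later entry point (decrypt init, state queries) so a consumer's ordering mistake surfaces as an error status it can log.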


Generated at Thu Feb 08 09:08:17 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.