[SERVER-10875] mongo segfaults while authenticating user with x509 and no command line ops specified Created: 24/Sep/13  Updated: 11/Jul/16  Resolved: 25/Sep/13

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: 2.5.2
Fix Version/s: 2.5.3

Type: Bug Priority: Major - P3
Reporter: Luke Lovett Assignee: Andreas Nilsson
Resolution: Done Votes: 0
Labels: 26qa
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

OS X 10.8.5, mongo 2.5.3 and 2.4.5 (built with SSL)


Attachments: Text File backtrace.txt    
Issue Links:
Depends
Backwards Compatibility: Fully Compatible
Operating System: ALL
Steps To Reproduce:

I am able to reproduce this with the latest version of mongod on github (2.5.3-pre-) as well as 2.4.5 (must be compiled with SSL).

# This is how I compiled mongodb
scons --ssl all

1. Start up a mongod without any of the options specified on the docs

./mongod # no command-line opts

2. Start up a mongo shell without any of the options given in the above documentation.

./mongo # no command line opts

3. Follow these instructions for adding an x509 subject as a user

$ mongo --version
MongoDB shell version: 2.4.5
$ mongo
> db.addUser({
    user:"CN=client,OU=kerneluser,O=10Gen,L=New York City,ST=New York,C=US",
    roles:["readAnyDatabase","readWriteAnyDatabase"],
    userSource:"$external"
});
 
# or
$ mongo --version
MongoDB shell version: 2.5.3-pre-
$ mongo
> db.addUser({
    user:"CN=client,OU=kerneluser,O=10Gen,L=New York City,ST=New York,C=US",
    pwd:"anypwd",
    roles:["readWrite","dbAdmin"]
})

4. Follow these instructions for attempting to authenticate with a certificate

> db.getSiblingDB("$external").auth({
    mechanism:"MONGODB-X509",
    user:"CN=client,OU=kerneluser,O=10Gen,L=New York City,ST=New York,C=US"
});

The mongo shell will crash after the 4th step

Participants:

 Description   

mongod will crash with a segmentation fault if you attempt to authenticate a user with x509 through the mongo shell when you haven't specified any SSL command line options.



 Comments   
Comment by auto [ 25/Sep/13 ]

Author:

{u'username': u'agralius', u'name': u'Andreas Nilsson', u'email': u'andreas.nilsson@10gen.com'}

Message: SERVER-10875 Fixed potential null-pointer derefs for getSSLManager
Branch: master
https://github.com/mongodb/mongo/commit/602fa4c70120da815d93014773eee0454076a7d9

Comment by Andreas Nilsson [ 25/Sep/13 ]

http://codereview.10gen.com/12020005/

Comment by Luke Lovett [ 24/Sep/13 ]

backtrace from gdb when the segfault occurs

Comment by Andreas Nilsson [ 24/Sep/13 ]

I have compiled with
scons -j8 --ssl mongod mongo

but still cannot reproduce. Can you please provide a stack trace of the server crash. Also that command syntax will not work for the latest build since the addUser command has changed. What are the commands you are using for the nightly 2.5.3-pre?

Comment by Luke Lovett [ 24/Sep/13 ]

andreas.nilsson@10gen.com, I think you might be running the mongo shell without SSL support. You need to have mongodb compiled with SSL in order to attempt to authenticate using an x509 certificate. I updated the ticket to make this clearer, and added the exact commands I used.

Generated at Thu Feb 08 03:24:17 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.