[SERVER-11237] auditlogging of updateUser with an empty roles array causes seg fault Created: 17/Oct/13  Updated: 11/Jul/16  Resolved: 23/Oct/13

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: 2.5.3
Fix Version/s: 2.5.4

Type: Bug Priority: Major - P3
Reporter: Matt Dannenberg Assignee: Matt Dannenberg
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Operating System: ALL
Steps To Reproduce:

updateUser with no role array

Participants:

 Description   

So, I start mongod with audit and in the mongo shell, I do db.runCommand( { updateUser: "kayRead", customData:

{ tmp: "dyb"}

} )

That causes the below seg fault. bummer.

2013-10-16T18:46:06.307-0400 [initandlisten] waiting for connections on port 27017
2013-10-16T18:46:09.199-0400 [initandlisten] connection accepted from 127.0.0.1:63490 #1 (1 connection now open)
2013-10-16T18:46:09.200-0400 [conn1] authenticate db: admin

{ authenticate: 1, nonce: "5c180d2dc5f344d2", user: "kayRead", key: "299c33f11428f8c2df8ce9c4cbc8f3fc" }

2013-10-16T18:47:04.937-0400 [conn1] Attempting to lock user data for: Update user
Invalid access at address: 0 from thread: conn1
Got signal: 11 (Segmentation fault: 11).
Backtrace:
0x10bac76db 0x10b483fcb 0x10b484181 0x7fff8ed3090a 0x7fff8edb05c5 0x10b76c2a5 0x10b76b99b 0x10b76cd1f 0x10b76c044 0x10b777a33 0x10b603988 0x10b634cc5 0x10b635a76 0x10b6366ac 0x10b7b9f3e 0x10b7baa2d 0x10b71eefa 0x10b48a414 0x10ba8edd1 0x10bafa095
0 mongod 0x000000010bac76db _ZN5mongo15printStackTraceERSo + 43
1 mongod 0x000000010b483fcb _ZN5mongo10abruptQuitEi + 251
2 mongod 0x000000010b484181 ZN5mongo24abruptQuitWithAddrSignalEiP9_siginfoPv + 257
3 libsystem_c.dylib 0x00007fff8ed3090a _sigtramp + 26
4 libsystem_c.dylib 0x00007fff8edb05c5 vasprintf_l + 246
5 mongod 0x000000010b76c2a5 ZN5mongo5audit12_GLOBAL_N_114encodeTextBodyERKNS0_10AuditEventERSo + 309
6 mongod 0x000000010b76b99b ZN5mongo5audit12_GLOBAL_N_121AuditEventTextEncoder6encodeERKNS0_10AuditEventERSo + 81
7 mongod 0x000000010b76cd1f ZN5mongo6logger21RotatableFileAppenderINS_5audit10AuditEventEE6appendERKS3 + 177
8 mongod 0x000000010b76c044 ZN5mongo6logger9LogDomainINS_5audit10AuditEventEE6appendERKS3 + 62
9 mongod 0x000000010b777a33 _ZN5mongo5audit13logUpdateUserEPNS_11ClientBasicERKNS_8UserNameEbPKNS_7BSONObjEPKSt6vectorINS_4User8RoleDataESaISB_EE + 643
10 mongod 0x000000010b603988 _ZN5mongo13CmdUpdateUser3runERKSsRNS_7BSONObjEiRSsRNS_14BSONObjBuilderEb + 1954
11 mongod 0x000000010b634cc5 _ZN5mongo12_execCommandEPNS_7CommandERKSsRNS_7BSONObjEiRSsRNS_14BSONObjBuilderEb + 37
12 mongod 0x000000010b635a76 _ZN5mongo7Command11execCommandEPS0_RNS_6ClientEiPKcRNS_7BSONObjERNS_14BSONObjBuilderEb + 1920
13 mongod 0x000000010b6366ac _ZN5mongo12_runCommandsEPKcRNS_7BSONObjERNS_11_BufBuilderINS_16TrivialAllocatorEEERNS_14BSONObjBuilderEbi + 1388
14 mongod 0x000000010b7b9f3e _ZN5mongo11runCommandsEPKcRNS_7BSONObjERNS_5CurOpERNS_11_BufBuilderINS_16TrivialAllocatorEEERNS_14BSONObjBuilderEbi + 46
15 mongod 0x000000010b7baa2d ZN5mongo8runQueryERNS_7MessageERNS_12QueryMessageERNS_5CurOpES1 + 2301
16 mongod 0x000000010b71eefa _ZN5mongo16assembleResponseERNS_7MessageERNS_10DbResponseERKNS_11HostAndPortE + 1818
17 mongod 0x000000010b48a414 _ZN5mongo16MyMessageHandler7processERNS_7MessageEPNS_21AbstractMessagingPortEPNS_9LastErrorE + 308
18 mongod 0x000000010ba8edd1 _ZN5mongo17PortMessageServer17handleIncomingMsgEPv + 1681
19 mongod 0x000000010bafa095 thread_proxy + 229

If I pass in the command w/o the roles: [ … ]

db.runCommand( { updateUser: "kayRead", customData:

{ tmp: "dyb"}

} )

with audit turned on, it segfaults (w/o audit, just updates the user with my customData)

When I pass in the command with the roles array, we're good.

16> db.runCommand( { updateUser: "kayAdmin", roles: [

{ role: 'read', db: 'test' }

] } )

{ "ok" : 1 }

2013-10-16T20:30:03.184-0400 [conn1] Attempting to lock user data for: Update user
2013-10-16T20:30:03.185-0400 kay@admin 127.0.0.1:63961/127.0.0.1:27017 000000000000000000000000.0 Updated user kayAdmin@auditDB with the following roles: read@test.



 Comments   
Comment by auto [ 23/Oct/13 ]

Author:

{u'username': u'dannenberg', u'name': u'matt dannenberg', u'email': u'matt.dannenberg@10gen.com'}

Message: SERVER-11237 avoid segfault when auditlogging an updateUser with no roles array
Branch: master
https://github.com/10gen/mongo-enterprise-modules/commit/ca914467a5e7ccc69e5ce0d4ed93ac8083faaf22

Generated at Thu Feb 08 03:25:16 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.