[SERVER-11475] Recursion through role graph with user-defined roles causes seg faults
Created: 30/Oct/13  Updated: 27/Jan/17  Resolved: 14/Nov/13

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: 2.5.3
Fix Version/s: 2.5.4

Type: Bug
Priority: Major - P3
Reporter: Samantha Ritter (Inactive)
Assignee: Spencer Brody (Inactive)
Resolution: Done
Votes: 0
Labels: 26qa
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: actions.js, qa_341_chain_roles.js
Issue Links:
Related
related to SERVER-27821 Make `large_role_chain.js` not run on... Closed
Operating System: Linux
Participants:

 Description   

Try to create a large chain of linked roles:

Role0 -> Role1 -> Role2 -> Role3 -> ..... -> RoleN

At some value of N (depending on the machine) a seg fault will occur. It seems the stack is blown from many recursive calls to RoleGraph::_recomputePrivilegeDataHelper.

Try to create a cycle of linked roles:

Role0 -> Role1 -> Role2 -> Role3 -> ..... -> RoleN -> Role0

Trying to create a large cycle (1600 roles) causes a segmentation fault. We think that the stack blew up (too many recursive calls to search through the role graph?). From the stack trace, it seems that 1396 calls to RoleGraph::_recomputePrivilegeDataHelper went through before it blew the top.

The test that produced the bugs is attached.



 Comments   
Comment by Githook User [ 14/Nov/13 ]

Author: Spencer T Brody (stbrody, spencer@10gen.com)

Message: SERVER-11475 Change recomputePrivilegeData from recursive to iterative to avoid exhausting the stack
Branch: master
https://github.com/mongodb/mongo/commit/b88b6e6c6e783d10bf3f73f4778f45cbe848cff6
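The recursive-to-iterative change named in the commit message, sketched as an added example that is not MongoDB's code: a depth-first recompute that keeps its traversal state in a heap-allocated vector, so chain length no longer consumes call stack, and that reports a cycle instead of looping. `RoleGraphModel`, `makeChain` and `recomputePrivileges` are hypothetical names, and the edge direction (Role i inherits from Role i+1) is an assumption.

```cpp
#include <set>
#include <string>
#include <utility>
#include <vector>

// Constructed model, not the server's RoleGraph. An edge i -> j is assumed to
// mean "role i inherits the privileges of role j".
struct RoleGraphModel {
    std::vector<std::set<std::string>> privileges;     // held directly by role i
    std::vector<std::vector<std::size_t>> subordinates; // roles that role i inherits from
};

// Builds Role0 -> Role1 -> ... -> Role(n-1), optionally closing the cycle back
// to Role0. Only the last role holds a privilege. Requires n >= 1.
RoleGraphModel makeChain(std::size_t n, bool closeCycle) {
    RoleGraphModel g;
    g.privileges.resize(n);
    g.subordinates.resize(n);
    for (std::size_t i = 0; i + 1 < n; ++i) g.subordinates[i].push_back(i + 1);
    g.privileges[n - 1].insert("find");
    if (closeCycle) g.subordinates[n - 1].push_back(0);
    return g;
}

// Computes effective privileges for every role reachable from `start`.
// Returns false (leaving `effective` partially filled) if a cycle is reached.
bool recomputePrivileges(const RoleGraphModel& g, std::size_t start,
                         std::vector<std::set<std::string>>& effective) {
    enum Mark { Unvisited, InProgress, Done };
    std::vector<Mark> mark(g.privileges.size(), Unvisited);
    effective = g.privileges;
    std::vector<std::pair<std::size_t, std::size_t>> stack;  // (role, next edge index)
    stack.emplace_back(start, 0);
    mark[start] = InProgress;
    while (!stack.empty()) {
        const std::size_t role = stack.back().first;
        const std::vector<std::size_t>& subs = g.subordinates[role];
        if (stack.back().second < subs.size()) {
            const std::size_t child = subs[stack.back().second++];
            if (mark[child] == InProgress) return false;  // back edge: cycle
            if (mark[child] == Unvisited) { mark[child] = InProgress; stack.emplace_back(child, 0); }
        } else {  // every subordinate is Done here, so their sets are final
            for (std::size_t child : subs)
                effective[role].insert(effective[child].begin(), effective[child].end());
            mark[role] = Done;
            stack.pop_back();
        }
    }
    return true;
}
```
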
