[SERVER-12110] Potential buffer overflow in SSLManager::password_cb() due to strcpy() Created: 16/Dec/13  Updated: 11/Jul/16  Resolved: 19/Dec/13

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: 2.5.5

Type: Bug Priority: Major - P3
Reporter: Matt Kangas Assignee: Andreas Nilsson
Resolution: Done Votes: 0
Labels: pull-request
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Backwards Compatibility: Fully Compatible
Operating System: ALL
Participants:

 Description   

First reported here: https://github.com/mongodb/mongo/pull/157

SSLManager::password_cb() is now in ssl_manager.cpp:

https://github.com/mongodb/mongo/blame/master/src/mongo/util/net/ssl_manager.cpp#L441-L446

    int SSLManager::password_cb(char *buf,int num, int rwflag,void *userdata) {
        SSLManager* sm = static_cast<SSLManager*>(userdata);
        std::string pass = sm->_password;
        strcpy(buf,pass.c_str());
        return(pass.size());
    }

strcpy() bad!
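A bounded form of the callback quoted above, as an added example (not code from the MongoDB repository or from the fix commit linked in this ticket). It honours the `num` size that the caller passes, which is the shape OpenSSL uses for PEM password callbacks, and it refuses a password that does not fit instead of truncating it. `PasswordHolder`, `bounded_password_cb` and `probe` are hypothetical names, and returning 0 on failure is this example's own choice.

```cpp
#include <cstring>
#include <string>

// Hypothetical stand-in for the class on the page; only the field used here.
struct PasswordHolder { std::string _password; };

// Same signature as the callback quoted above. buf has room for exactly
// `num` bytes. Returns the number of bytes copied, or 0 if the password
// cannot fit (this example rejects it rather than truncating).
int bounded_password_cb(char* buf, int num, int /*rwflag*/, void* userdata) {
    if (buf == nullptr || num <= 0 || userdata == nullptr) return 0;
    const PasswordHolder* holder = static_cast<const PasswordHolder*>(userdata);
    const std::string& pass = holder->_password;
    // Reserve one byte for the terminator so callers that treat buf as a
    // C string stay in bounds as well.
    if (pass.size() >= static_cast<std::size_t>(num)) return 0;
    std::memcpy(buf, pass.data(), pass.size());
    buf[pass.size()] = '\0';
    return static_cast<int>(pass.size());
}

// Constructed harness: gives the callback a `cap`-byte window inside a larger
// canary-filled array and reports whether any byte past the window changed.
struct ProbeResult { int returned; bool canary_intact; std::string copied; };

ProbeResult probe(const std::string& password, int cap) {
    const char kCanary = '\x5A';
    char arena[64];  // cap must stay below 64 in this harness
    std::memset(arena, kCanary, sizeof(arena));
    PasswordHolder holder{password};
    ProbeResult r;
    r.returned = bounded_password_cb(arena, cap, 0, &holder);
    r.canary_intact = true;
    for (std::size_t i = static_cast<std::size_t>(cap); i < sizeof(arena); ++i)
        if (arena[i] != kCanary) r.canary_intact = false;
    r.copied = std::string(arena, static_cast<std::size_t>(r.returned));
    return r;
}

int main() {
    ProbeResult ok = probe("s3cret", 16);                         // fits
    ProbeResult too_long = probe("a-much-longer-passphrase", 8);  // rejected
    return (ok.returned == 6 && too_long.returned == 0 && too_long.canary_intact) ? 0 : 1;
}
```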



 Comments   
Comment by Githook User [ 19/Dec/13 ]

Author: Randolph Tan (renctan) <randolph@10gen.com>

Message: SERVER-12110 Fix assertion number collision
Branch: master
https://github.com/mongodb/mongo/commit/5d64d36763fcbb51850e2c7d6fd3c6cfbda6b1cc

Comment by Githook User [ 19/Dec/13 ]

Author: Andreas Nilsson (agralius) <andreas.nilsson@10gen.com>

Message: SERVER-12110 Safe buffer handling in SSL pw callback
Branch: master
https://github.com/mongodb/mongo/commit/b7a23c83481055a5daaec8e5686096fa7edadbb2
