[SERVER-17832] Memory leak when MongoD configured with SSL required and handle insecure connection Created: 01/Apr/15  Updated: 19/Sep/15  Resolved: 13/Apr/15

Status: Closed
Project: Core Server
Component/s: Networking, Security
Affects Version/s: None
Fix Version/s: 2.6.9, 3.0.3, 3.1.2

Type: Bug Priority: Major - P3
Reporter: Eitan Klein Assignee: Robert Guo (Inactive)
Resolution: Done Votes: 0
Labels: 32qa
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Backwards Compatibility: Fully Compatible
Operating System: ALL
Backport Completed:
Sprint: Security 2 04/24/15
Participants:

 Description   

Environment:
db version v3.1.1-pre-
git version: 5e7aa5c9efdea28cc82ff8d0ea0e3a76cf5c94f8
OpenSSL version: OpenSSL 1.0.1m-fips 19 Mar 2015

Scenario:
Low bit corruption with SSL enabled

Problem:

  1. Memory allocated in here
  • SSLConnection* sslConn = new SSLConnection(_serverContext, socket, initialBytes, len);
  1. Memory has not been released during the error handler _handleSSLError()

consider replacing the sslconnection w/ auto release pointer

 
* socket, const char* initialBytes, int len) {
        SSLConnection* sslConn = new SSLConnection(_serverContext, socket, initialBytes, len);
        ScopeGuard sslGuard = MakeGuard(::SSL_free, sslConn->ssl);
        ScopeGuard bioGuard = MakeGuard(::BIO_free, sslConn->networkBIO);
 
        int ret;
        do {
            ret = ::SSL_accept(sslConn->ssl);
        } while(!_doneWithSSLOp(sslConn, ret));
 
        if (ret != 1)
            _handleSSLError(SSL_get_error(sslConn, ret), ret);
 
        sslGuard.Dismiss();
        bioGuard.Dismiss();



 Comments   
Comment by Githook User [ 13/Apr/15 ]

Author:

{u'username': u'guoyr', u'name': u'Robert Guo', u'email': u'robert.guo@10gen.com'}

Message: SERVER-17832 Fix Resource Leak on SSL Connect and Accept Exception

Closes #949

Signed-off-by: Ramon Fernandez <ramon.fernandez@mongodb.com>
Branch: master
https://github.com/mongodb/mongo/commit/0ffa0a1535e917d10ea48c9a8773188058106e55

Comment by Githook User [ 13/Apr/15 ]

Author:

{u'username': u'guoyr', u'name': u'Robert Guo', u'email': u'robert.guo@10gen.com'}

Message: SERVER-17832 Fix Resource Leak on SSL Connect and Accept Exception (v2.6, v3.0)

Signed-off-by: Ramon Fernandez <ramon.fernandez@mongodb.com>
Branch: v2.6
https://github.com/mongodb/mongo/commit/beb4833ca9c6ce5b6ec528b4fe0ce5818f75905e

Comment by Githook User [ 13/Apr/15 ]

Author:

{u'username': u'guoyr', u'name': u'Robert Guo', u'email': u'robert.guo@10gen.com'}

Message: SERVER-17832 Fix Resource Leak on SSL Connect and Accept Exception (v2.6, v3.0)

Closes #950

Signed-off-by: Ramon Fernandez <ramon.fernandez@mongodb.com>
Branch: v3.0
https://github.com/mongodb/mongo/commit/8e808ee8b4a0f8838218f9b670e8a161784e96dc

Comment by Robert Guo (Inactive) [ 13/Apr/15 ]

backport PR: https://github.com/mongodb/mongo/pull/950

Comment by Robert Guo (Inactive) [ 13/Apr/15 ]

PR: https://github.com/mongodb/mongo/pull/949

Generated at Thu Feb 08 03:45:44 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.