[SERVER-19538] Segfault when calling dbexit in SSLManager with auditing enabled Created: 23/Jul/15  Updated: 24/Aug/15  Resolved: 28/Jul/15

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: 3.0.4
Fix Version/s: 3.0.6

Type: Bug Priority: Major - P3
Reporter: Max Hirschhorn Assignee: Max Hirschhorn
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Backwards Compatibility: Fully Compatible
Operating System: ALL
Sprint: Quint Iteration 7
Participants:

 Description   

The following sequence of events trigger the segfault.

  1. The mongod is started up.
  2. The auditing code is initialized.
  3. The SSLManager begins its initialization.
  4. It parses and validates the keyfile specified.
  5. The keyfile is expired or not yet valid, so dbexit() is called.
  6. The auditing code logs that the server is shutting down, but a segfault occurs because currentClient.get() is null.

There are no dependencies between the initialization of the auditing code and the SSLManager, so an fassert occurs when the order of events (2) and (3) are reversed.



 Comments   
Comment by Githook User [ 28/Jul/15 ]

Author:

{u'name': u'Ramon Fernandez', u'email': u'ramon@mongodb.com'}

Message: Revert "Revert "SERVER-19538 fassert instead of calling dbexit() when cert is expired.""

This reverts commit a466693f46fdd7a539dc99389a7258c9290ed3aa.
Branch: v3.0
https://github.com/mongodb/mongo/commit/92311d920534326975178dd98fac4183960ee077

Comment by Githook User [ 27/Jul/15 ]

Author:

{u'username': u'ramonfm', u'name': u'Ramon Fernandez', u'email': u'ramon.fernandez@mongodb.com'}

Message: Revert "SERVER-19538 fassert instead of calling dbexit() when cert is expired."

This reverts commit b6cc64fab37049438a061e93946b0aa4a5b15686.
Branch: v3.0
https://github.com/mongodb/mongo/commit/a466693f46fdd7a539dc99389a7258c9290ed3aa

Comment by Githook User [ 27/Jul/15 ]

Author:

{u'username': u'visemet', u'name': u'Max Hirschhorn', u'email': u'max.hirschhorn@mongodb.com'}

Message: SERVER-19538 fassert instead of calling dbexit() when cert is expired.
Branch: v3.0
https://github.com/mongodb/mongo/commit/b6cc64fab37049438a061e93946b0aa4a5b15686

Comment by Max Hirschhorn [ 23/Jul/15 ]

Per discussion with milkie, we shouldn't call dbexit() in the SSLManager. Andy fixed this as part of his CurOp changes in SERVER-18515. Proposing to backport the changes that were made to ssl_manager.cpp to replace the call to dbexit() with an fassert, bypassing the auditing code.

$ git show d5bf634 -- src/mongo/util/net/ssl_manager.cpp
commit d5bf63455aa614d98ac840f09ce5ca6b813b9507
Author: Andy Schwerin <schwerin@mongodb.com>
Date:   Fri May 15 14:39:52 2015 -0400
 
    SERVER-18515 Replace OperationContext::getCurOp with CurOp::get(OperationContext*)
 
diff --git a/src/mongo/util/net/ssl_manager.cpp b/src/mongo/util/net/ssl_manager.cpp
index 652807e..d989d3b 100644
--- a/src/mongo/util/net/ssl_manager.cpp
+++ b/src/mongo/util/net/ssl_manager.cpp
@@ -693,10 +693,9 @@ namespace mongo {
                 return false;
             }
 
-            if ((notBeforeMillis > curTimeMillis64()) ||
-                (curTimeMillis64() > notAfterMillis)) {
-                dbexit(EXIT_BADOPTIONS,
-                       "The provided SSL certificate is expired or not yet valid.");
+            if ((notBeforeMillis > curTimeMillis64()) || (curTimeMillis64() > notAfterMillis)) {
+                severe() << "The provided SSL certificate is expired or not yet valid.";
+                fassertFailedNoTrace(28652);
             }
 
             *serverCertificateExpirationDate = Date_t::fromMillisSinceEpoch(notAfterMillis);

Generated at Thu Feb 08 03:51:18 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.