[SERVER-24141] Default uninitialized fields in SSLParams leads to undefined behavior re certificate strength in ESE Created: 07/May/16 Updated: 06/Jun/16 Resolved: 16/May/16 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 3.3.8 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Andrew Morrow (Inactive) | Assignee: | Andrew Morrow (Inactive) |
| Resolution: | Done | Votes: | 0 |
| Labels: | undefined-sanitizer | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Backwards Compatibility: | Fully Compatible |
| Operating System: | ALL |
| Sprint: | Platforms 15 (06/03/16) |
| Participants: |
| Description |
|
The SSLParams constructor does not initialize its bool fields: The KMIP integration in ESE creates an SSLParams object on the stack in getKeyFromKMIPServer. But it does not initialize the SSLParams::sslWeakCertificateValidation field, leaving its value indeterminate. Then, the KMIPService uses these parameters to construct its SSLManager object. As a result, it is indeterminate whether the encrypted storage engine will or will not allow weak certificates. This was found with the undefined behavior sanitizer (look for 'runtime error'): https://logkeeper.mongodb.org/build/572cf7809041304e1901cbde/test/572cf780be07c4295208ee89 |
| Comments |
| Comment by Githook User [ 16/May/16 ] |
|
Author: {u'username': u'acmorrow', u'name': u'Andrew Morrow', u'email': u'acm@mongodb.com'}Message: |
| Comment by Andreas Nilsson [ 07/May/16 ] |
|
The weakCertificateValidation field is a no-op for SSL clients. It is a server parameter only and determines if clients are allowed to connect without certificates. We shouldn't leave the value uinitialized but I can't see that it has any actual affect on the outgoing connections to a KMIP server. |