[SERVER-25455] Use-after-free in DBClientConnection when handling application name metadata Created: 05/Aug/16  Updated: 13/Aug/16  Resolved: 05/Aug/16

Status: Closed
Project: Core Server
Component/s: Internal Client
Affects Version/s: None
Fix Version/s: 3.3.11

Type: Bug Priority: Major - P3
Reporter: Andrew Morrow (Inactive) Assignee: Andrew Morrow (Inactive)
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Backwards Compatibility: Fully Compatible
Operating System: ALL
Sprint: Platforms 18 (08/05/16)
Participants:
Linked BF Score: 0

 Description   

The DBClientConnection::_applicationName field holds an owned string that represents the currently set value of the 'application' metadata field. In some code paths, a StringData that views that owned string is passed to a function which uses the StringData to re-write the _applicationName. That is fine, however, the code then continues to use the passed in StringData, which now refers to freed memory.



 Comments   
Comment by Githook User [ 05/Aug/16 ]

Author:

{u'username': u'acmorrow', u'name': u'Andrew Morrow', u'email': u'acm@mongodb.com'}

Message: SERVER-25455 Fix use-after-free due to parameter aliasing member
Branch: master
https://github.com/mongodb/mongo/commit/9cf1165c0f9a91548f01ab107520e5a53ab8f876

Generated at Thu Feb 08 04:09:13 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.