[SERVER-35137] Unsanitary sasl vsnprintf calls Created: 21/May/18  Updated: 29/Oct/23  Resolved: 22/May/18

Status: Closed
Project: Core Server
Component/s: Internal Code
Affects Version/s: None
Fix Version/s: 4.1.1

Type: Bug
Priority: Major - P3
Reporter: Billy Donahue
Assignee: Billy Donahue
Resolution: Fixed
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Backwards Compatibility: Fully Compatible
Operating System: ALL
Participants:

 Description   

This is a classic syslog "%s" error. We should just pretty much always use "%s" format and then the string we want to log as the next argument, just to make it less tempting for a % sign to creep into the format strings under maintenance.

```
src/mongo/db/modules/mongo-enterprise-modules/src/sasl/canon_mongodb_internal.cpp:78:41: error: format string is not a string literal (potentially insecure) [-Werror,-Wformat-security]
utils->seterror(utils->conn, 0, sb.str().c_str());
^~~~~~~~~~~~~~~~
```

 

These get it right:

```
src/mongo/client/sasl_sspi.cpp:97: utils->seterror(utils->conn, 0, "%s", buffer.c_str());
src/sasl/mongo_sspi.cpp:122: utils->seterror(utils->conn, 0, "%s", buffer.c_str());
```

The rest get it sort of wrong:

```
billy@billydev:~/dev/mongodb/mongo$ git grep -E -n '\b(sasl_)?seterror'
src/mongo/client/cyrus_sasl_client_session.cpp:202: sasl_seterror(conn, 0, "No password data provided");
src/mongo/client/cyrus_sasl_client_session.cpp:211: sasl_seterror(conn, 0, sb.str().c_str());
src/mongo/client/sasl_sspi.cpp:114: cparams->utils->seterror(cparams->utils->conn, 0, "getcallback user failed");
src/mongo/client/sasl_sspi.cpp:122: cparams->utils->seterror(cparams->utils->conn, 0, "user callback failed");
src/mongo/client/sasl_sspi.cpp:130: cparams->utils->seterror(cparams->utils->conn, 0, "no @REALM found in username");
src/mongo/client/sasl_sspi.cpp:190: cparams->utils->seterror(cparams->utils->conn, 0, "SSPI: no serverFQDN");
src/mongo/client/sasl_sspi.cpp:255: cparams->utils->seterror(cparams->utils->conn, 0, "SSPI: server message is too short");
src/mongo/client/sasl_sspi.cpp:262: cparams->utils->seterror(
src/mongo/client/sasl_sspi.cpp:458: utils->seterror(utils->conn, 0, "Wrong SSPI version");

src/sasl/canon_mongodb_internal.cpp:62: utils->seterror(utils->conn, 0, "All-whitespace username.");
src/sasl/canon_mongodb_internal.cpp:68: utils->seterror(utils->conn, 0, "Canonicalized username too long.");
src/sasl/canon_mongodb_internal.cpp:78: utils->seterror(utils->conn, 0, sb.str().c_str());
src/sasl/cyrus_sasl_authentication_session.cpp:126: sasl_seterror(conn, 0, errorMsg.str().c_str());
src/sasl/cyrus_sasl_authentication_session.cpp:133: sasl_seterror(conn, 0, sb.str().c_str());
src/sasl/mongo_sspi.cpp:141: sparams->utils->seterror(sparams->utils->conn, 0, "SSPI: no serverFQDN");
src/sasl/mongo_sspi.cpp:184: sparams->utils->seterror(sparams->utils->conn, 0, "SSPI: client unexpectedly sent data");
src/sasl/mongo_sspi.cpp:310: sparams->utils->seterror(
src/sasl/mongo_sspi.cpp:317: sparams->utils->seterror(sparams->utils->conn, 0, "SSPI: wrong security layer from client");
src/sasl/mongo_sspi.cpp:324: sparams->utils->seterror(sparams->utils->conn, 0, "SSPI: no authz name in auth handshake");
```
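
An added example, not code from MongoDB or Cyrus SASL, contrasting the two call shapes in the grep output above. `setErrorF`, `logAsFormat` and `logAsArgument` are hypothetical names, and `setErrorF` is assumed to forward its arguments to `vsnprintf` the way a printf-style `seterror` does.

```cpp
#include <cstdarg>
#include <cstdio>
#include <string>

// Hypothetical stand-in for a printf-style error setter such as seterror():
// the last named parameter is a format string, not a message.
// Adding __attribute__((format(printf, 1, 2))) to such a declaration lets
// GCC/Clang apply -Wformat-security to its callers; it is omitted here so
// the flawed call below still compiles.
static std::string lastError;

void setErrorF(const char* fmt, ...) {
    char buf[256];
    va_list ap;
    va_start(ap, fmt);
    std::vsnprintf(buf, sizeof buf, fmt, ap);
    va_end(ap);
    lastError = buf;
}

// Flawed pattern: text built at run time is interpreted as the format.
std::string logAsFormat(const std::string& msg) {
    setErrorF(msg.c_str());
    return lastError;
}

// Corrected pattern: constant "%s" format, run-time text passed as data.
std::string logAsArgument(const std::string& msg) {
    setErrorF("%s", msg.c_str());
    return lastError;
}

int main() {
    // Constructed message. "%%" is the one directive that consumes no
    // argument, so the flawed call stays well defined while still showing
    // that the text is being parsed rather than copied.
    const std::string msg = "Username too long: 'sales%%2018'";
    std::printf("as format  : %s\n", logAsFormat(msg).c_str());
    std::printf("as argument: %s\n", logAsArgument(msg).c_str());
    return 0;
}
```

The first call stores a message that no longer matches its input; the second stores it byte for byte, which is the property the `"%s"` convention guarantees for any content.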

 



 Comments   
Comment by Githook User [ 22/May/18 ]

Author: Billy Donahue (BillyDonahue, billy.donahue@mongodb.com)

Message: SERVER-35137 sasl seterror formats
Branch: master
https://github.com/mongodb/mongo/commit/d05b22711acde181745b8319d779bc2fb9f14cd6

Comment by Githook User [ 22/May/18 ]

Author: Billy Donahue (BillyDonahue, billy.donahue@mongodb.com)

Message: SERVER-35137 fix sasl logging formats
Branch: master
https://github.com/10gen/mongo-enterprise-modules/commit/f80b71b6947dbeecee796876338566af38ed219e
