[SERVER-44572] Windows null pointer read access violation in SSLHandshakeManager::doServerHandshake Created: 12/Nov/19  Updated: 19/Feb/20  Resolved: 19/Feb/20

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Shane Harvey Assignee: Mark Benvenuto
Resolution: Won't Fix Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: Text File mongo_python_driver_tests_windows_vs2015_python_version_27plus__platform_windows_vs2015_auth_ssl_auth_ssl_python_version_win_vs2015_2.7_test_latest_standalone_9cf0fbd785086ef1702bbafd2ad92a279fe406e4_19_11_08_19_48_15-0-orchestration.log.txt    
Issue Links:
Depends
depends on SERVER-44736 Remove unnecessary calls to GetProcAd... Closed
depends on SERVER-45592 Raise Windows runtime minimum to Wind... Closed
Related
related to PYTHON-2064 Collect Windows mongod crash dumps fr... Closed
is related to PYTHON-2070 Migrate Windows MongoDB 4.3+ testing ... Closed
Operating System: ALL
Sprint: Security 2019-12-02
Participants:

 Description   

Very similar to SERVER-35125.

Standalone Windows version:

2019-11-08T22:53:52.747+0000 I  CONTROL  [initandlisten] targetMinOS: Windows 7/Windows Server 2008 R2
2019-11-08T22:53:52.747+0000 I  CONTROL  [initandlisten] db version v4.3.0-2084-g6ef06c9
2019-11-08T22:53:52.747+0000 I  CONTROL  [initandlisten] git version: 6ef06c9093462bec22c2219c341b0219f1864cca

The server is crashing when the Python driver attempts to connect with this error:

2019-11-08T22:53:54.585+0000 I  NETWORK  [listener] connection accepted from 127.0.0.1:49242 #2 (1 connection now open)
2019-11-08T22:53:54.665+0000 F  CONTROL  [conn2] *** unhandled exception (access violation) at 0x0000000000000000, terminating
2019-11-08T22:53:54.665+0000 F  CONTROL  [conn2] *** access violation was a DEP violation at 0x0
2019-11-08T22:53:54.665+0000 F  CONTROL  [conn2] *** stack trace for unhandled exception:
2019-11-08T22:53:54.836+0000 I  -        [conn2]                                                                                                                                        ???
mongod.exe    ...\src\mongo\util\net\ssl\detail\impl\schannel.ipp(334)                                                                 asio::ssl::detail::SSLHandshakeManager::doServerHandshake+0x1b6
mongod.exe    ...\src\mongo\util\net\ssl\detail\impl\schannel.ipp(100)                                                                 asio::ssl::detail::SSLHandshakeManager::nextHandshake+0x18d
mongod.exe    ...\src\mongo\util\net\ssl\detail\impl\engine_schannel.ipp(103)                                                          asio::ssl::detail::engine::handshake+0x34
mongod.exe    ...\src\mongo\util\net\ssl\detail\io.hpp(38)                                                                             asio::ssl::detail::io<asio::basic_stream_socket<asio::generic::stream_protocol>,asio::ssl::detail::buffered_handshake_op<asio::mutable_buffers_1> >+0x63
mongod.exe    ...\src\mongo\transport\session_asio.h(617)                                                                              <lambda_3301ff84a878097d756749b8837dd279>::operator()+0xa6
mongod.exe    ...\src\mongo\transport\session_asio.h(623)                                                                              mongo::transport::TransportLayerASIO::ASIOSession::maybeHandshakeSSLForIngress<asio::mutable_buffers_1>+0x2d8
mongod.exe    ...\src\mongo\util\future_impl.h(893)                                                                                    <lambda_e8e27e0b91d6204c863d3216e6eb1b5f>::operator()+0x39
mongod.exe    ...\src\mongo\transport\session_asio.h(402)                                                                              mongo::transport::TransportLayerASIO::ASIOSession::read<asio::mutable_buffers_1>+0xcb
mongod.exe    ...\src\mongo\transport\session_asio.h(355)                                                                              mongo::transport::TransportLayerASIO::ASIOSession::sourceMessageImpl+0x80
mongod.exe    ...\src\mongo\transport\session_asio.h(142)                                                                              mongo::transport::TransportLayerASIO::ASIOSession::sourceMessage+0x53
mongod.exe    ...\src\mongo\transport\service_state_machine.cpp(307)                                                                   <lambda_5064a192bae23f40a4fe23ce2b3de124>::operator()+0x66
mongod.exe    ...\src\mongo\transport\service_state_machine.cpp(517)                                                                   mongo::ServiceStateMachine::_runNextInGuard+0x127
mongod.exe    c:\program files (x86)\microsoft visual studio\2017\professional\vc\tools\msvc\14.16.27023\include\functional(16707566)  std::_Func_impl_no_alloc<<lambda_b23af5efc3b61ab25bff0c3bcd13382b>,void>::_Do_call+0x5d
mongod.exe    ...\src\mongo\transport\service_executor_synchronous.cpp(125)                                                            <lambda_472996f9e6b00ec91d31b43a6cde81f7>::operator()+0x13d
mongod.exe    c:\program files (x86)\microsoft visual studio\2017\professional\vc\tools\msvc\14.16.27023\include\thr\xthread(230)      std::_LaunchPad<std::unique_ptr<std::tuple<<lambda_a107131b0689d694f9bc602dd323d0cb> >,std::default_delete<std::tuple<<lambda_a107131b0689d694f9bc602dd323d0cb> > > > >::_Go+0x80
mongod.exe    c:\program files (x86)\microsoft visual studio\2017\professional\vc\tools\msvc\14.16.27023\include\thr\xthread(209)      std::_Pad::_Call_func+0x9
ucrtbase.DLL                                                                                                                           o__realloc_base+0x60
kernel32.dll                                                                                                                           BaseThreadInitThunk+0xd
2019-11-08T22:53:54.836+0000 I  CONTROL  [conn2] writing minidump diagnostic file C:\data\mci\db0e56ad7f7f3e9c9801f00b59c62dd2\drivers-tools\mongodb\bin\mongod.2019-11-08T22-53-54.mdmp
2019-11-08T22:53:55.164+0000 F  CONTROL  [conn2] *** immediate exit due to unhandled exception

This is consistently happening in our Evergreen CI, for example: https://evergreen.mongodb.com/task/mongo_python_driver_tests_windows_vs2015_python_version_27plus__platform~windows_vs2015_auth_ssl~auth_ssl_python_version~win_vs2015_2.7_test_latest_standalone_9cf0fbd785086ef1702bbafd2ad92a279fe406e4_19_11_08_19_48_15

The full mongo-orchestration log file (which includes the full mongod log) is here: mongo_python_driver_tests_windows_vs2015_python_version_27plus__platform_windows_vs2015_auth_ssl_auth_ssl_python_version_win_vs2015_2.7_test_latest_standalone_9cf0fbd785086ef1702bbafd2ad92a279fe406e4_19_11_08_19_48_15-0-orchestration.log.txt



 Comments   
Comment by Mark Benvenuto [ 19/Feb/20 ]

MongoDB 4.4 is not supported on pre-Windows 10 and is now prohibited from running on pre-Windows 10 with SERVER-45592.

Comment by Mark Benvenuto [ 27/Nov/19 ]

As I told Shane over Slack, the reason why mongod.exe is crashing is because SslGetServerIdentity (added in Windows 8) does not exist on Windows 2008 R2. MongoDB no longer supports running on Windows 2008 R2. It has a minimum requirement of Windows 10/Windows 2016.

I will need to have discussions with people about how and when to enforce that the minimum is now Windows 10.
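Added example, not part of the ticket or of MongoDB's code: a Python triage of the log lines quoted in the description. A DEP violation whose faulting address is 0x0 means the CPU tried to execute at address zero, that is, a call through a null function pointer, which matches the missing SslGetServerIdentity export described in the comment above; the first symbolized frame after `???` is the caller. The function name `triage` and the verdict strings are assumptions of this example.

```python
import re

# Excerpt of the mongod log quoted in the description (column padding shortened).
SAMPLE_LOG = r"""2019-11-08T22:53:52.747+0000 I  CONTROL  [initandlisten] targetMinOS: Windows 7/Windows Server 2008 R2
2019-11-08T22:53:54.665+0000 F  CONTROL  [conn2] *** unhandled exception (access violation) at 0x0000000000000000, terminating
2019-11-08T22:53:54.665+0000 F  CONTROL  [conn2] *** access violation was a DEP violation at 0x0
2019-11-08T22:53:54.836+0000 I  -        [conn2]     ???
mongod.exe    ...\src\mongo\util\net\ssl\detail\impl\schannel.ipp(334)    asio::ssl::detail::SSLHandshakeManager::doServerHandshake+0x1b6
mongod.exe    ...\src\mongo\util\net\ssl\detail\impl\schannel.ipp(100)    asio::ssl::detail::SSLHandshakeManager::nextHandshake+0x18d
"""

MINOS_RE = re.compile(r"targetMinOS: (.+)$")
FAULT_RE = re.compile(r"unhandled exception \(access violation\) at (0x[0-9a-fA-F]+)")
KIND_RE = re.compile(r"access violation was a (\w+) violation at (0x[0-9a-fA-F]+)")


def triage(log_text):
    """Summarise a mongod Windows crash log: target OS, fault address, caller, verdict."""
    result = {"min_os": None, "fault_addr": None, "kind": None,
              "top_frame": None, "verdict": "unclassified"}
    for line in log_text.splitlines():
        if m := MINOS_RE.search(line):
            result["min_os"] = m.group(1).strip()
        elif m := FAULT_RE.search(line):
            result["fault_addr"] = int(m.group(1), 16)
        elif m := KIND_RE.search(line):
            result["kind"] = m.group(1)
        elif result["fault_addr"] is not None and result["top_frame"] is None:
            # Stack frames are "module  source(line)  symbol+0xoffset", separated
            # by runs of spaces; the unresolved "???" frame does not match.
            parts = re.split(r"\s{2,}", line.strip())
            if len(parts) == 3 and "+0x" in parts[2]:
                result["top_frame"] = parts[2].rsplit("+0x", 1)[0]
    # Executing at address 0 (DEP) is an indirect call through a null pointer,
    # not a data read of a null pointer.
    if result["fault_addr"] == 0 and result["kind"] == "DEP":
        result["verdict"] = "call through null function pointer"
    return result


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```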

Comment by Carl Champain (Inactive) [ 12/Nov/19 ]

Hi shane.harvey,

Passing this ticket along to the Security team.
