[SERVER-46630] RemoveSaver writes GCM tag to incorrect file position Created: 04/Mar/20  Updated: 29/Oct/23  Resolved: 09/Mar/20

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 4.2.5, 4.0.17, 4.4.0-rc0, 4.7.0

Type: Bug Priority: Major - P3
Reporter: Sara Golemon Assignee: Sara Golemon
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Backwards Compatibility: Fully Compatible
Operating System: ALL
Backport Requested:
v4.4, v4.2, v4.0, v3.6
Sprint: Security 2020-03-09, Security 2020-03-23
Participants:

 Description   

In https://github.com/mongodb/mongo/blob/82424b742342d4b35cf10eb9d471984d1e805210/src/mongo/db/storage/remove_saver.cpp#L123 the output file pointer is reset to 0 to write the calculated GCM tag after the file has been encrypted.

Unfortunately, the tag should appear at offset 1. Writing the tag here will prevent easy decryption as the contents will appear to contain an invalid version, and the tag will be invalid.

Note that incorrectly written saver files may still be recovered by moving the tag bytes forward by one, and writing a zero to the version byte.

A fix should include creating a protector API for requesting tag offset (rather than hardcoding to 1) and moving the write as a whole behind a check for tag size (if it's zero, then there's no tag to write, e.g. CBC mode).



 Comments   
Comment by Githook User [ 12/Mar/20 ]

Author:

{'name': 'Sara Golemon', 'username': 'sgolemon', 'email': 'sara.golemon@mongodb.com'}

Message: SERVER-46630 Include data protector version byte as part of its tag

(cherry picked from commit 00817f5cb6d202af084fce94ab57b5f127c66b90)
Branch: v4.0
https://github.com/10gen/mongo-enterprise-modules/commit/4ae9e5a780d90c288756f63d2ded1d955313f4f6

Comment by Githook User [ 12/Mar/20 ]

Author:

{'name': 'Sara Golemon', 'username': 'sgolemon', 'email': 'sara.golemon@mongodb.com'}

Message: SERVER-46630 Include data protector version byte as part of its tag

(cherry picked from commit 00817f5cb6d202af084fce94ab57b5f127c66b90)
Branch: v4.2
https://github.com/10gen/mongo-enterprise-modules/commit/0f74fca9a69951b2c5afeb972a65cb22043c21f1

Comment by Githook User [ 10/Mar/20 ]

Author:

{'username': 'sgolemon', 'name': 'Sara Golemon', 'email': 'sara.golemon@mongodb.com'}

Message: SERVER-46630 Include data protector version byte as part of its tag

(cherry picked from commit 00817f5cb6d202af084fce94ab57b5f127c66b90)
Branch: v4.4
https://github.com/10gen/mongo-enterprise-modules/commit/2615f117a804c9e614567bebe2de8e11cad9d6a5

Comment by Githook User [ 09/Mar/20 ]

Author:

{'username': 'sgolemon', 'name': 'Sara Golemon', 'email': 'sara.golemon@mongodb.com'}

Message: SERVER-46630 Include data protector version byte as part of its tag
Branch: master
https://github.com/10gen/mongo-enterprise-modules/commit/00817f5cb6d202af084fce94ab57b5f127c66b90

Generated at Thu Feb 08 05:12:00 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.