[SERVER-49487] Use of SSL{Manager,Connection}Interface in `socket` module is not assured to work Created: 13/Jul/20  Updated: 06/Dec/22  Resolved: 13/Jul/20

Status: Closed
Project: Core Server
Component/s: Build
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Drew Paroski Assignee: Backlog - Security Team
Resolution: Duplicate Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
is depended on by SERVER-48892 {A,UB}SAN builder should use --link-m... Closed
Duplicate
duplicates SERVER-48741 Merge socket and ssl_manager libraries Closed
Assigned Teams:
Server Security
Operating System: ALL
Steps To Reproduce:

With the enterprise module enabled:

/buildscripts/scons.py --variables-files=etc/scons/mongodbtoolchain_v3_clang.vars --dbg=on --opt=on --allocator=system --sanitize=undefined,address --ssl -j30 --nostrip --link-model=dynamic --detect-odr-violations --separate-debug --install-mode=hygienic --install-action=hardlink --implicit-cache --build-fast-and-loose=on install-all install-all-debug -k

Will result in:

...
build/cached/mongo/util/net/libsocket.so: error: undefined reference to 'typeinfo for mongo::SSLManagerInterface'
build/cached/mongo/util/net/libsocket.so: error: undefined reference to 'typeinfo for mongo::SSLConnectionInterface'
clang-7: error: linker command failed with exit code 1 (use -v to see invocation)
...
scons: *** [build/cached/mongo/transport/transport_test] Error 1
...

Participants:

 Description   

The files that make up the socket module make use of types like SSLManagerInterface and SSLConnectionInterface that are defined in the library ssl_manager module. However, the socket library doesn't link to the ssl_manager.

For static builds, this isn't a problem. And for a number of dynamic builds, we happen to get away with it. But not for all builds. In particular, for the "!{A,UB}SAN Enterprise Ubuntu 18.04 DEBUG" build with the "--link-model=dynamic" flag, we find that some tests (such as transport_test) fail to link, presumably because their link graph include socket but not ssl_manager.

The goal of this task is to clarify the relationship between these two modules, and to make changes to scons and do whatever code movement/refactoring is needed to get the "!{A,UB}SAN Enterprise Ubuntu 18.04 DEBUG" build with the "--link-model=dynamic" flag working.

Take a look atĀ SERVER-48736 to see an example of a similar issue involving the query_exec module and the index_access_methods module and how the issue was fixed.

It looks like this might be the last issue blockingĀ SERVER-48892 .


Generated at Thu Feb 08 05:19:58 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.