[SERVER-60200] Fix use-after-free in mongoauditdecrypt
Created: 24/Sep/21 Updated: 29/Oct/23 Resolved: 28/Sep/21 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 5.1.0-rc0 |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Erwin Pe | Assignee: | Erwin Pe |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Backwards Compatibility: | Fully Compatible | ||||||||
| Sprint: | Security 2021-10-04 | ||||||||
| Participants: | |||||||||
| Linked BF Score: | 167 | ||||||||
| Description |
|
When the parseAuditHeaderFromJSON() function performs an AuditHeaderOptionsDocument::parse() of the input audit header BSON object fileHeaderBSON, it stores an un-owned BSONObj for the _keyStoreIdentifier member variable. This causes a use-after-free when the owning BSON object goes out of scope at function return, and the resulting AuditHeaderOptionsDocument object's _keyStoreIdentifier is used later in createKeyManagerFromHeader().
|
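The lifetime pattern described above, as an added example that is not MongoDB's code and not the patch from this ticket. `Obj`, `Header`, `parseHeader`, `loadHeader` and `safeToUse` are hypothetical stand-ins for a BSONObj-like view type, the parsed header and its caller, and taking an owned copy before the source goes out of scope is an assumed remedy, since the ticket does not state how the fix was made.

```cpp
#include <cstddef>
#include <memory>
#include <string>

// Hypothetical stand-in for a BSONObj-like type: a pointer/length view that
// may or may not share ownership of the bytes it points at.
struct Obj {
    const char* data;
    std::size_t len;
    std::shared_ptr<const std::string> owner;  // null => un-owned view

    static Obj makeOwned(const std::string& bytes) {
        auto buf = std::make_shared<const std::string>(bytes);
        return Obj{buf->data(), buf->size(), buf};
    }
    // Same bytes, no share in their lifetime.
    Obj unownedView() const { return Obj{data, len, nullptr}; }
    bool isOwned() const { return owner != nullptr; }
    // Deep-copies the bytes unless this object already owns them.
    Obj getOwned() const {
        return isOwned() ? *this : makeOwned(std::string(data, len));
    }
    std::string str() const { return std::string(data, len); }
};

struct Header { Obj keyStoreId; };  // models the parsed identifier member

// Models the parse step: by default the member is only a view into src.
Header parseHeader(const Obj& src, bool takeOwnership) {
    Obj view = src.unownedView();
    return Header{takeOwnership ? view.getOwned() : view};
}

// Models the caller: the source object is a local and is destroyed at return.
Header loadHeader(const std::string& raw, bool takeOwnership) {
    Obj fileHeader = Obj::makeOwned(raw);
    return parseHeader(fileHeader, takeOwnership);
    // takeOwnership == false: keyStoreId.data dangles once fileHeader is gone,
    // so any later read of it is a use-after-free.
    // takeOwnership == true: the member holds its own copy and stays valid.
}

// Check a later consumer can make before reading the bytes.
bool safeToUse(const Header& h) { return h.keyStoreId.isOwned(); }

int main() {
    Header bad = loadHeader("constructed-key-id", false);   // never dereferenced
    Header good = loadHeader("constructed-key-id", true);
    bool ok = !safeToUse(bad) && safeToUse(good) &&
              good.keyStoreId.str() == "constructed-key-id";
    return ok ? 0 : 1;
}
```

Building the un-owned path with AddressSanitizer (`-fsanitize=address`) and then calling `str()` on the returned member reports the heap-use-after-free at the read.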
| Comments |
| Comment by Vivian Ge (Inactive) [ 06/Oct/21 ] |
|
Updating the fixversion since branching activities occurred yesterday. This ticket will be in rc0 when it’s been triggered. For more active release information, please keep an eye on #server-release. Thank you! |
| Comment by Githook User [ 05/Oct/21 ] |
|
Author: {'name': 'Erwin Pe', 'email': 'erwin.pe@mongodb.com', 'username': 'erwee'} Message: |
| Comment by Githook User [ 29/Sep/21 ] |
|
Author: {'name': 'Erwin Pe', 'email': 'erwin.pe@mongodb.com', 'username': 'erwee'} Message: |
| Comment by Githook User [ 29/Sep/21 ] |
|
Author: {'name': 'Erwin Pe', 'email': 'erwin.pe@mongodb.com', 'username': 'erwee'} Message: |
| Comment by Githook User [ 28/Sep/21 ] |
|
Author: {'name': 'Erwin Pe', 'email': 'erwin.pe@mongodb.com', 'username': 'erwee'} Message: |