[SERVER-60200] Fix use-after-free in mongoauditdecrypt Created: 24/Sep/21  Updated: 29/Oct/23  Resolved: 28/Sep/21

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 5.1.0-rc0

Type: Task Priority: Major - P3
Reporter: Erwin Pe Assignee: Erwin Pe
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
is depended on by SERVER-59917 Create setParameter for splitting Aud... Closed
Backwards Compatibility: Fully Compatible
Sprint: Security 2021-10-04
Participants:
Linked BF Score: 167

 Description   

When the parseAuditHeaderFromJSON() function performs a AuditHeaderOptionsDocument::parse() of the input audit header BSON object fileHeaderBSON, it stores an un-owned BSONObj for the _keyStoreIdentifier member variable. This causes a use-after-free when the owning BSON object goes out of scope at function return, and the resulting AuditHeaderOptionsDocument object's _keyStoreIdentifier is used later in createKeyManagerFromHeader().

 



 Comments   
Comment by Vivian Ge (Inactive) [ 06/Oct/21 ]

Updating the fixversion since branching activities occurred yesterday. This ticket will be in rc0 when it’s been triggered. For more active release information, please keep an eye on #server-release. Thank you!

Comment by Githook User [ 05/Oct/21 ]

Author:

{'name': 'Erwin Pe', 'email': 'erwin.pe@mongodb.com', 'username': 'erwee'}

Message: SERVER-60200 Fix use-after-free in mongoauditdecrypt
Branch: fausto.leyva/SERVER-57826
https://github.com/10gen/mongo-enterprise-modules/commit/496509060b8165b337fe8af8e089ec95c785c9a2

Comment by Githook User [ 29/Sep/21 ]

Author:

{'name': 'Erwin Pe', 'email': 'erwin.pe@mongodb.com', 'username': 'erwee'}

Message: SERVER-60200 Fix use-after-free in mongoauditdecrypt
Branch: marksg07/server-59917
https://github.com/10gen/mongo-enterprise-modules/commit/496509060b8165b337fe8af8e089ec95c785c9a2

Comment by Githook User [ 29/Sep/21 ]

Author:

{'name': 'Erwin Pe', 'email': 'erwin.pe@mongodb.com', 'username': 'erwee'}

Message: SERVER-60200 Fix use-after-free in mongoauditdecrypt
Branch: matthew.russotto/SERVER-57817
https://github.com/10gen/mongo-enterprise-modules/commit/496509060b8165b337fe8af8e089ec95c785c9a2

Comment by Githook User [ 28/Sep/21 ]

Author:

{'name': 'Erwin Pe', 'email': 'erwin.pe@mongodb.com', 'username': 'erwee'}

Message: SERVER-60200 Fix use-after-free in mongoauditdecrypt
Branch: master
https://github.com/10gen/mongo-enterprise-modules/commit/496509060b8165b337fe8af8e089ec95c785c9a2

Generated at Thu Feb 08 05:49:13 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.