[SERVER-62668] Synchronize access to ImpersonatedUserMetadata in OperationContext. Created: 14/Jan/22 Updated: 29/Oct/23 Resolved: 21/Jan/22 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 5.3.0, 4.2.19, 4.4.13, 5.0.7 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Mark Benvenuto | Assignee: | Gabriel Marks |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Backwards Compatibility: | Fully Compatible | ||||||||
| Operating System: | ALL | ||||||||
| Backport Requested: |
v5.0, v4.4, v4.2
|
||||||||
| Sprint: | Security 2022-01-24 | ||||||||
| Participants: | |||||||||
| Linked BF Score: | 156 | ||||||||
| Description |
|
There is a race condition between "$currentOp" and request threads for the ImpersonatedUserMetadata in OperationContext. To prevent this, ImpersonatedUserMetadata needs to be guarded with synchronization. ImpersonatedUserMetadata is a decoration on the OperationContext. It read/written to by the thread that owns the thread. It is read by the $currentOp thread while the $currentOp thread owns the client lock. Access to it could be guarded with the Client lock or a dedicated mutex. |
| Comments |
| Comment by Githook User [ 25/Jan/22 ] |
|
Author: {'name': 'Gabriel Marks', 'email': 'gabriel.marks@mongodb.com', 'username': 'marksg07'}Message: (cherry picked from commit 4cab840d3ee82049f70ef67fad0a29e1af24f31a) |
| Comment by Githook User [ 25/Jan/22 ] |
|
Author: {'name': 'Gabriel Marks', 'email': 'gabriel.marks@mongodb.com', 'username': 'marksg07'}Message: (cherry picked from commit 4cab840d3ee82049f70ef67fad0a29e1af24f31a) |
| Comment by Githook User [ 25/Jan/22 ] |
|
Author: {'name': 'Gabriel Marks', 'email': 'gabriel.marks@mongodb.com', 'username': 'marksg07'}Message: (cherry picked from commit 4cab840d3ee82049f70ef67fad0a29e1af24f31a) |
| Comment by Githook User [ 21/Jan/22 ] |
|
Author: {'name': 'Gabriel Marks', 'email': 'gabriel.marks@mongodb.com', 'username': 'marksg07'}Message: |