[SERVER-6548] Unsafe use of _master in ReplicaSetMonitor::_check() and ReplicaSetMonitor::check() can lead to segfault Created: 21/Jul/12  Updated: 15/Aug/12  Resolved: 24/Jul/12

Status: Closed
Project: Core Server
Component/s: Networking
Affects Version/s: 2.0.6
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Ben Becker Assignee: Randolph Tan
Resolution: Duplicate Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Related
is related to SERVER-6508 Resizing of _nodes and updating _mast... Closed
is related to SERVER-6512 ReplicaSetMonitor::_checkConnection d... Closed
Operating System: ALL
Participants:

Description

ReplicaSetMonitor::_check() holds a reference to probablePrimaryIdx across multiple _locks. This could easily be modified between lock acquisitions, yet _master is conditionally set to this index. If ReplicaSetMonitor::check() calls ReplicaSetMonitor::_check() with checkAllSecondaries set to false, a subsequent call to ReplicaSetMonitor::check() could reference a node that's past the bounds of the _nodes vector.

I believe this could cause a segfault in ReplicaSetMonitor::check() as there is no upper bound check on the index of _master:

    // first see if the current master is fine
    if ( _master >= 0 ) {
        masterConn = _nodes[_master].conn;
    }

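The interleaving the description lays out, as an added C++ example that is not MongoDB's code (the `Monitor` and `Node` types and every method name are assumptions): a primary index is cached while it is valid, the node vector shrinks under the lock in between, and the quoted `_master >= 0` guard still accepts the now out-of-range index, whereas a lookup that re-checks the index against the vector's current size under the same lock refuses it and resets the stale master.

```cpp
#include <cstddef>
#include <mutex>
#include <string>
#include <utility>
#include <vector>

// Constructed stand-in for a replica set member record (not mongod's type).
struct Node { std::string addr; };

class Monitor {
public:
    void setNodes(std::vector<Node> n) { std::lock_guard<std::mutex> g(_lock); _nodes = std::move(n); }
    // Resizing _nodes while _master still points past the new end is the
    // situation the ticket describes (see the linked SERVER-6508).
    void shrinkTo(std::size_t count) {
        std::lock_guard<std::mutex> g(_lock);
        if (count < _nodes.size()) _nodes.resize(count);
    }
    void setMaster(int idx) { std::lock_guard<std::mutex> g(_lock); _master = idx; }
    int master() const { std::lock_guard<std::mutex> g(_lock); return _master; }

    // The guard as quoted from check(): only "_master >= 0". A stale index that is
    // now >= _nodes.size() would be handed straight to operator[] (out of bounds).
    bool quotedGuardAccepts() const { std::lock_guard<std::mutex> g(_lock); return _master >= 0; }

    // Hardened lookup: validate the cached index against the vector's current size
    // under the same lock, and forget a stale master instead of indexing with it.
    bool currentMaster(std::string& addrOut) {
        std::lock_guard<std::mutex> g(_lock);
        if (_master < 0 || static_cast<std::size_t>(_master) >= _nodes.size()) {
            _master = -1;   // stale: force the caller to re-discover the primary
            return false;
        }
        addrOut = _nodes[static_cast<std::size_t>(_master)].addr;
        return true;
    }

private:
    mutable std::mutex _lock;
    std::vector<Node> _nodes;
    int _master = -1;
};

// Drives the race from the ticket sequentially: master chosen as index 2 while
// three nodes exist, then _nodes shrinks to two entries before the next check().
bool demonstrateStaleMaster(std::string& addrOut) {
    Monitor m;
    m.setNodes({{"h1:27017"}, {"h2:27017"}, {"h3:27017"}});  // constructed addresses
    m.setMaster(2);                  // valid at this point
    m.shrinkTo(2);                   // concurrent update: index 2 no longer exists
    return m.currentMaster(addrOut); // hardened path returns false; quoted guard would accept
}
```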


Comments
Comment by Randolph Tan [ 24/Jul/12 ]

Issue is addressed by SERVER-6512

Generated at Thu Feb 08 03:12:01 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.