[SERVER-77502] LDAP connection pool may use dangling reference to bind options after timeout Created: 25/May/23  Updated: 05/Jun/23  Resolved: 05/Jun/23

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Varun Ravichandran Assignee: Backlog - Security Team
Resolution: Duplicate Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Duplicate
duplicates SERVER-77299 Pooled LDAP connections may reference... Closed
Assigned Teams:
Server Security
Operating System: ALL
Participants:

 Description   

The LDAP connection pool enforces timeouts by setting an alarm on one thread, performing the bind on another, and having them race against each other to set the return value to the caller. If the alarm wins the race, then the caller receives a timeout error from the alarm thread, unblocks, and propagates the error. However, the thread performing the bind continues working asynchronously, and it receives the bind options from the caller by reference. As a result, the server may see undefined behavior from the system LDAP library accessing the bind options after the timeout.

The server should strictly scope the lifetime of the bind options such that they remain in scope as long as any active connection in the pool is still consuming them, irrespective of whether or not the connection has been timed out.


Generated at Thu Feb 08 06:35:46 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.