<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Wed Feb 07 21:18:11 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>
    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[CDRIVER-3486] libsasl buffer overflow with oversized kerberos msgs</title>
                <link>https://jira.mongodb.org/browse/CDRIVER-3486</link>
                <project id="10030" key="CDRIVER">C Driver</project>
                    <description>&lt;p&gt;Symptoms:&lt;/p&gt;

&lt;p&gt;Driver exception message &quot;&lt;tt&gt;SASL Failure: (-3): overflowed buffer: generic server error&lt;/tt&gt;&quot; manifests when the Kerberos ticket size exceeds the driver&apos;s &lt;a href=&quot;https://github.com/mongodb/mongo-c-driver/blob/3f3928c1a739b46ebaaa13df62b37c0348fd6a91/src/libmongoc/src/mongoc/mongoc-cluster-cyrus.c#L38&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;predefined SASL 4K buffer&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;This is confirmed also via a stack trace of the driver:&lt;/p&gt;

&lt;pre&gt;I0109 12:28:52.877523 24645 xxx.cpp:606] mongocxx::CYRUS-SASL:TRACE: _mongoc_cyrus_start():317 Created new sasl client successfully
I0109 12:28:52.877530 24645 xxx.cpp:606] mongocxx::CYRUS-SASL:TRACE: _mongoc_cyrus_is_failure():238 Got status: 0 ok is 0, continue=1 interact=2
I0109 12:28:52.880652 24645 xxx.cpp:606] mongocxx::CYRUS-SASL:TRACE: _mongoc_cyrus_start():329 Started the sasl client successfully
I0109 12:28:52.880681 24645 xxx.cpp:606] mongocxx::CYRUS-SASL:TRACE: _mongoc_cyrus_is_failure():238 Got status: 1 ok is 0, continue=1 interact=2
I0109 12:28:52.880690 24645 xxx.cpp:606] mongocxx::CYRUS-SASL:TRACE: _mongoc_cyrus_is_failure():238 Got status: -3 ok is 0, continue=1 interact=2&lt;/pre&gt;

&lt;p&gt;Preliminary tests of increasing the buffer size appear to resolve the issue, though it is not clear if doing this has any knock-on effects. Also note, when calculating the buffer size, that the SASL payload is base64 encoded (thereby contributing to buffer bloat), and the Windows &lt;tt&gt;MaxTokenSize&lt;/tt&gt; is 48K, should you wish to consider interoperability with Active Directory.&lt;/p&gt;</description>
                <environment>Linux client authenticating to Active Directory with GSSAPI (kerberos) authmech</environment>
        <key id="1092485">CDRIVER-3486</key>
            <summary>libsasl buffer overflow with oversized kerberos msgs</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="13201">Fixed</resolution>
                                        <assignee username="kevin.albertson@mongodb.com">Kevin Albertson</assignee>
                                    <reporter username="luke.prochazka@mongodb.com">Luke Prochazka</reporter>
                        <labels>
                    </labels>
                <created>Wed, 15 Jan 2020 03:22:01 +0000</created>
                <updated>Sat, 28 Oct 2023 11:28:58 +0000</updated>
                            <resolved>Wed, 12 Feb 2020 14:36:58 +0000</resolved>
                                    <version>1.13.0</version>
                                    <fixVersion>1.17.0-beta</fixVersion>
                    <fixVersion>1.17.0</fixVersion>
                                    <component>auth</component>
                    <component>network</component>
                                        <votes>1</votes>
                                    <watches>5</watches>
                <comments>
                            <comment id="2869717" author="xgen-internal-githook" created="Wed, 12 Feb 2020 03:07:53 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;username&apos;: &apos;kevinAlbs&apos;, &apos;name&apos;: &apos;Kevin Albertson&apos;, &apos;email&apos;: &apos;kevin.albertson@mongodb.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/CDRIVER-3486&quot; title=&quot;libsasl buffer overflow with oversized kerberos msgs&quot; class=&quot;issue-link&quot; data-issue-key=&quot;CDRIVER-3486&quot;&gt;&lt;del&gt;CDRIVER-3486&lt;/del&gt;&lt;/a&gt; do not run Cyrus on Windows 32 bit&lt;/p&gt;

&lt;p&gt;C:\sasl\lib\sasl2.lib on Evergreen hosts is built for 64 bit.&lt;br/&gt;
We already test on 64 bit.&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo-c-driver/commit/1d9493ed5d77b9a7ef4d6159f3a4d73cf1b99479&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-c-driver/commit/1d9493ed5d77b9a7ef4d6159f3a4d73cf1b99479&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="2869715" author="xgen-internal-githook" created="Wed, 12 Feb 2020 03:07:51 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;username&apos;: &apos;kevinAlbs&apos;, &apos;name&apos;: &apos;Kevin Albertson&apos;, &apos;email&apos;: &apos;kevin.albertson@mongodb.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/CDRIVER-3486&quot; title=&quot;libsasl buffer overflow with oversized kerberos msgs&quot; class=&quot;issue-link&quot; data-issue-key=&quot;CDRIVER-3486&quot;&gt;&lt;del&gt;CDRIVER-3486&lt;/del&gt;&lt;/a&gt; fix UBSAN&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo-c-driver/commit/f3499db2cf91591f147de77b19670da418ed383e&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-c-driver/commit/f3499db2cf91591f147de77b19670da418ed383e&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="2868907" author="xgen-internal-githook" created="Wed, 12 Feb 2020 02:03:31 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Kevin Albertson&apos;, &apos;username&apos;: &apos;kevinAlbs&apos;, &apos;email&apos;: &apos;kevin.albertson@mongodb.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/CDRIVER-3486&quot; title=&quot;libsasl buffer overflow with oversized kerberos msgs&quot; class=&quot;issue-link&quot; data-issue-key=&quot;CDRIVER-3486&quot;&gt;&lt;del&gt;CDRIVER-3486&lt;/del&gt;&lt;/a&gt; alloc buffers for SASL&lt;/p&gt;

&lt;p&gt;Instead of using a fixed size 4096 buffer, dynamically&lt;br/&gt;
allocate buffers used for base64 encoding and decoding.&lt;/p&gt;

&lt;p&gt;Also use libbson&apos;s base64 encoding/decoding instead of&lt;br/&gt;
sasl&apos;s&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo-c-driver/commit/e985349af754d3153f1fdfc3bc6df3dd4e4190eb&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-c-driver/commit/e985349af754d3153f1fdfc3bc6df3dd4e4190eb&lt;/a&gt;&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                            <outwardlinks description="related to">
                                        <issuelink>
            <issuekey id="1386466">CDRIVER-3725</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                    <customfield id="customfield_13552" key="com.go2group.jira.plugin.crm:crm_generic_field">
                        <customfieldname>Case</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[[5002K00000j05QEQAY, 5002K00000nnpCqQAI]]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                </customfields>
    </item>
</channel>
</rss>