<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Wed Feb 07 21:21:40 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[CDRIVER-4699] Memory leak in scram authentication upon connection retry</title>
                <link>https://jira.mongodb.org/browse/CDRIVER-4699</link>
                <project id="10030" key="CDRIVER">C Driver</project>
                    <description>&lt;h4&gt;&lt;a name=&quot;Summary&quot;&gt;&lt;/a&gt;Summary&lt;/h4&gt;

&lt;p&gt;When a mongo client is created with a connection string that has an invalid port and serverSelectionTryOnce=false, the string scram-&amp;gt;auth_message is overwritten during the retry attempt without first being freed, which leaks memory.&lt;/p&gt;

&lt;p&gt;This was detected using Visual Leak Detector.&lt;/p&gt;
&lt;h4&gt;&lt;a name=&quot;Environment&quot;&gt;&lt;/a&gt;Environment&lt;/h4&gt;

&lt;p&gt;C driver version 1.23.2&lt;/p&gt;

&lt;p&gt;Windows 10 64-bit x86&lt;/p&gt;

&lt;p&gt;Compiled the C driver with VS2022, which is probably not a supported VS version, but the issue should be reproducible with lower versions of VS too.&lt;/p&gt;

&lt;p&gt;#define MONGOC_ENABLE_CRYPTO 1&lt;/p&gt;

&lt;p&gt;All settings are default settings while compiling the driver.&lt;/p&gt;

&lt;p&gt;A MongoDB server is not required to see the memory leak.&lt;/p&gt;
&lt;h4&gt;&lt;a name=&quot;HowtoReproduce&quot;&gt;&lt;/a&gt;How to Reproduce&lt;/h4&gt;

&lt;p&gt;Example code to reproduce this issue is given after the steps.&lt;/p&gt;
&lt;ol&gt;
	&lt;li&gt;Create a mongo client with a connection string containing the login details of a user to be authenticated with SCRAM-SHA-256. The connection string should have serverSelectionTryOnce=false and should specify a port on which no server is running, so that mongoc retries the connection.&lt;/li&gt;
	&lt;li&gt;Run a simple ping command using mongoc_client_command_simple()&lt;/li&gt;
	&lt;li&gt;Observe that the string scram-&amp;gt;auth_message is overwritten during the retry without being freed up first.&lt;/li&gt;
&lt;/ol&gt;


&lt;p&gt;mongoc_client_t* test_client = mongoc_client_new(&quot;mongodb://userName:userPwd@validHostname:invalidPort/DbName?serverSelectionTryOnce=false&quot;);&lt;br/&gt;
bson_t reply, *command = BCON_NEW(&quot;ping&quot;, BCON_INT32(1));&lt;br/&gt;
bool retval = mongoc_client_command_simple(test_client, &quot;admin&quot;, command, NULL, &amp;amp;reply, &amp;amp;error);&lt;/p&gt;
&lt;h4&gt;&lt;a name=&quot;AdditionalBackground&quot;&gt;&lt;/a&gt;Additional Background&lt;/h4&gt;

&lt;p&gt;Please see Visual Leak Detector call stack in the attached text file.&lt;/p&gt;</description>
                <environment></environment>
        <key id="2401466">CDRIVER-4699</key>
            <summary>Memory leak in scram authentication upon connection retry</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="10300" iconUrl="https://jira.mongodb.org/images/icons/priorities/medium.svg">Unknown</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="13201">Fixed</resolution>
                                        <assignee username="kevin.albertson@mongodb.com">Kevin Albertson</assignee>
                                    <reporter username="mandeepx81@yahoo.co.in">Mandeep Singh</reporter>
                        <labels>
                    </labels>
                <created>Wed, 26 Jul 2023 14:43:38 +0000</created>
                <updated>Sat, 28 Oct 2023 11:27:47 +0000</updated>
                            <resolved>Fri, 28 Jul 2023 20:23:52 +0000</resolved>
                                    <version>1.24.2</version>
                                    <fixVersion>1.24.3</fixVersion>
                                    <component>Authentication</component>
                                        <votes>0</votes>
                                    <watches>3</watches>
                                                                                                                <comments>
                            <comment id="5599525" author="xgen-internal-githook" created="Fri, 28 Jul 2023 20:23:35 +0000"  >&lt;p&gt;Author: &lt;/p&gt;
{&apos;name&apos;: &apos;Kevin Albertson&apos;, &apos;email&apos;: &apos;kevin.albertson@mongodb.com&apos;, &apos;username&apos;: &apos;kevinAlbs&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/CDRIVER-4699&quot; title=&quot;Memory leak in scram authentication upon connection retry&quot; class=&quot;issue-link&quot; data-issue-key=&quot;CDRIVER-4699&quot;&gt;&lt;del&gt;CDRIVER-4699&lt;/del&gt;&lt;/a&gt; fix leak on repeated attempts to authenticate (#1364)&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;&lt;a href=&quot;https://jira.mongodb.org/browse/CDRIVER-4699&quot; title=&quot;Memory leak in scram authentication upon connection retry&quot; class=&quot;issue-link&quot; data-issue-key=&quot;CDRIVER-4699&quot;&gt;&lt;del&gt;CDRIVER-4699&lt;/del&gt;&lt;/a&gt; add regression test&lt;/li&gt;
&lt;/ul&gt;


&lt;ul&gt;
	&lt;li&gt;Call `_mongoc_scram_destroy` when resetting auth state&lt;/li&gt;
&lt;/ul&gt;


&lt;ul&gt;
	&lt;li&gt;only call if `MONGOC_ENABLE_CRYPTO` is defined&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;`_mongoc_scram_destroy` is conditionally defined. If `MONGOC_ENABLE_CRYPTO` is not defined, scram auth is not supported.&lt;br/&gt;
Branch: r1.24&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo-c-driver/commit/be4008a815b723a33c92bce0c124934fe708c441&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-c-driver/commit/be4008a815b723a33c92bce0c124934fe708c441&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="5599521" author="xgen-internal-githook" created="Fri, 28 Jul 2023 20:22:32 +0000"  >&lt;p&gt;Author: &lt;/p&gt;
{&apos;name&apos;: &apos;Kevin Albertson&apos;, &apos;email&apos;: &apos;kevin.albertson@mongodb.com&apos;, &apos;username&apos;: &apos;kevinAlbs&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/CDRIVER-4699&quot; title=&quot;Memory leak in scram authentication upon connection retry&quot; class=&quot;issue-link&quot; data-issue-key=&quot;CDRIVER-4699&quot;&gt;&lt;del&gt;CDRIVER-4699&lt;/del&gt;&lt;/a&gt; fix leak on repeated attempts to authenticate (#1364)&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;&lt;a href=&quot;https://jira.mongodb.org/browse/CDRIVER-4699&quot; title=&quot;Memory leak in scram authentication upon connection retry&quot; class=&quot;issue-link&quot; data-issue-key=&quot;CDRIVER-4699&quot;&gt;&lt;del&gt;CDRIVER-4699&lt;/del&gt;&lt;/a&gt; add regression test&lt;/li&gt;
&lt;/ul&gt;


&lt;ul&gt;
	&lt;li&gt;Call `_mongoc_scram_destroy` when resetting auth state&lt;/li&gt;
&lt;/ul&gt;


&lt;ul&gt;
	&lt;li&gt;only call if `MONGOC_ENABLE_CRYPTO` is defined&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;`_mongoc_scram_destroy` is conditionally defined. If `MONGOC_ENABLE_CRYPTO` is not defined, scram auth is not supported.&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo-c-driver/commit/dcb0b7f389ed315f39f4b976707678fcebed849e&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-c-driver/commit/dcb0b7f389ed315f39f4b976707678fcebed849e&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="5592718" author="dbeng-pm-bot" created="Wed, 26 Jul 2023 14:43:41 +0000"  >&lt;p&gt;Hi &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=mandeepx81%40yahoo.co.in&quot; class=&quot;user-hover&quot; rel=&quot;mandeepx81@yahoo.co.in&quot;&gt;mandeepx81@yahoo.co.in&lt;/a&gt;, thank you for reporting this issue! The team will look into it and get back to you soon. &lt;/p&gt;</comment>
                    </comments>
                    <attachments>
                            <attachment id="465018" name="mongoc-vld-leak-call-stack-1.txt" size="1726" author="mandeepx81@yahoo.co.in" created="Wed, 26 Jul 2023 14:43:27 +0000"/>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|i21okw:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            </customfields>
    </item>
</channel>
</rss>