A segfault reported in mongodb/mongo-php-driver#666 appears to come from the following usage of the PHP driver:
<?php
// A null connection string defaults to "mongodb://127.0.0.1:27017"
$m = new MongoDB\Driver\Manager(null, ['authMechanism' => 'SCRAM-SHA-1', 'ssl' => false]);
// Execute a basic ping command to trigger connection initialization
$c = $m->executeCommand('admin', new MongoDB\Driver\Command(['ping'=>1]));
var_dump($c->toArray()[0]);
GDB backtrace:
(gdb) bt
#0 0x00007fb8ec696527 in _mongoc_scram_start (scram=0x7ffd250df610, outbuf=0x7ffd250df810 "n,,n=", outbufmax=4096, outbuflen=0x7ffd250df49c, error=0x2e71788) at /home/jmikola/workspace/mongodb/phpc/src/libmongoc/src/mongoc/mongoc-scram.c:206
#1 0x00007fb8ec6978e6 in _mongoc_scram_step (scram=0x7ffd250df610, inbuf=0x7ffd250df810 "n,,n=", inbuflen=0, outbuf=0x7ffd250df810 "n,,n=", outbufmax=4096, outbuflen=0x7ffd250df49c, error=0x2e71788) at /home/jmikola/workspace/mongodb/phpc/src/libmongoc/src/mongoc/mongoc-scram.c:840
#2 0x00007fb8ec668ba0 in _mongoc_cluster_auth_node_scram (cluster=0x2e6e208, stream=0x2e6d830, error=0x2e71788) at /home/jmikola/workspace/mongodb/phpc/src/libmongoc/src/mongoc/mongoc-cluster.c:1143
#3 0x00007fb8ec6692b0 in _mongoc_cluster_auth_node (cluster=0x2e6e208, stream=0x2e6d830, hostname=0x2e714a0 "127.0.0.1", max_wire_version=5, error=0x2e71788) at /home/jmikola/workspace/mongodb/phpc/src/libmongoc/src/mongoc/mongoc-cluster.c:1303
#4 0x00007fb8ec66a192 in mongoc_cluster_fetch_stream_single (cluster=0x2e6e208, server_id=1, reconnect_ok=true, error=0x2e70d40) at /home/jmikola/workspace/mongodb/phpc/src/libmongoc/src/mongoc/mongoc-cluster.c:1758
#5 0x00007fb8ec669bfc in _mongoc_cluster_stream_for_server (cluster=0x2e6e208, server_id=1, reconnect_ok=true, error=0x2e70d40) at /home/jmikola/workspace/mongodb/phpc/src/libmongoc/src/mongoc/mongoc-cluster.c:1603
#6 0x00007fb8ec66a81d in _mongoc_cluster_stream_for_optype (cluster=0x2e6e208, optype=MONGOC_SS_READ, read_prefs=0x2e6d6f0, error=0x2e70d40) at /home/jmikola/workspace/mongodb/phpc/src/libmongoc/src/mongoc/mongoc-cluster.c:1978
#7 0x00007fb8ec66a87e in mongoc_cluster_stream_for_reads (cluster=0x2e6e208, read_prefs=0x2e6d6f0, error=0x2e70d40) at /home/jmikola/workspace/mongodb/phpc/src/libmongoc/src/mongoc/mongoc-cluster.c:2008
#8 0x00007fb8ec676283 in _mongoc_cursor_fetch_stream (cursor=0x2e70b80) at /home/jmikola/workspace/mongodb/phpc/src/libmongoc/src/mongoc/mongoc-cursor.c:579
#9 0x00007fb8ec676411 in _mongoc_cursor_initial_query (cursor=0x2e70b80) at /home/jmikola/workspace/mongodb/phpc/src/libmongoc/src/mongoc/mongoc-cursor.c:624
#10 0x00007fb8ec67a96b in _mongoc_cursor_next (cursor=0x2e70b80, bson=0x7ffd250e0cb8) at /home/jmikola/workspace/mongodb/phpc/src/libmongoc/src/mongoc/mongoc-cursor.c:1828
#11 0x00007fb8ec67a67a in mongoc_cursor_next (cursor=0x2e70b80, bson=0x7ffd250e0cb8) at /home/jmikola/workspace/mongodb/phpc/src/libmongoc/src/mongoc/mongoc-cursor.c:1760
#12 0x00007fb8ec6b8c99 in phongo_advance_cursor_and_check_for_error (cursor=0x2e70b80) at /home/jmikola/workspace/mongodb/phpc/php_phongo.c:525
#13 0x00007fb8ec6b9033 in phongo_execute_command (client=0x2e6e200, db=0x7fb8ecc793d8 "admin", zcommand=0x7fb8ecc131a0, zreadPreference=0x0, server_id=-1, return_value=0x7fb8ecc130f0, return_value_used=1) at /home/jmikola/workspace/mongodb/phpc/php_phongo.c:608
#14 0x00007fb8ec6d2527 in zim_Manager_executeCommand (execute_data=0x7fb8ecc13140, return_value=0x7fb8ecc130f0) at /home/jmikola/workspace/mongodb/phpc/src/MongoDB/Manager.c:304
...
Looking at the exact point of failure takes us to this line in mongoc-scram.c. It looks like libmongoc is accessing scram->user without first ensuring it is not null.
I quickly tested how libmongoc reacts if username is set on the URI but password remains unset. I encountered an "Authentication failed" error/exception instead of a segfault. I'm not sure if there may be a lingering issue with a null scram->pass value later in the SCRAM flow, but that may be worth a look.
- is depended on by: PHPC-1045 Segfault if username is not provided for SCRAM-SHA-1 authMechanism (Closed)
- related to: CDRIVER-2351 Inconsistent #ifdef checks for mongoc-scram.c functions (Backlog)
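
The guard the report finds missing before `scram->user` is read, plus the matching check for a null password, shown as an added C example that is not libmongoc's code. The struct, function name, nonce parameter and error strings are hypothetical, and RFC 5802 username escaping is left out.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the driver's SCRAM state; not libmongoc's struct. */
typedef struct {
   const char *user; /* NULL when the URI carries no username */
   const char *pass; /* NULL when the URI carries no password */
} scram_state_t;

/* Builds the SCRAM client-first message "n,,n=<user>,r=<nonce>" into outbuf.
 * Returns false with a message in errbuf instead of dereferencing NULL
 * credentials or writing past outbufmax. Error strings are constructed. */
bool
scram_start_checked (const scram_state_t *scram, const char *nonce,
                     char *outbuf, size_t outbufmax, size_t *outbuflen,
                     char *errbuf, size_t errmax)
{
   int n;

   if (!scram || !nonce || !outbuf || !outbuflen || !errbuf) {
      return false;
   }
   *outbuflen = 0;
   /* The check the report finds missing: reject a NULL user up front. */
   if (!scram->user) {
      snprintf (errbuf, errmax, "SCRAM Failure: username is not set");
      return false;
   }
   /* The report also asks about a NULL password later in the flow. */
   if (!scram->pass) {
      snprintf (errbuf, errmax, "SCRAM Failure: password is not set");
      return false;
   }
   /* snprintf returns the length it wanted; >= outbufmax means truncation. */
   n = snprintf (outbuf, outbufmax, "n,,n=%s,r=%s", scram->user, nonce);
   if (n < 0 || (size_t) n >= outbufmax) {
      snprintf (errbuf, errmax, "SCRAM Failure: first message too large");
      return false;
   }
   *outbuflen = (size_t) n;
   return true;
}
```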