In versions of OpenSSL before 1.1.1, RAND_bytes may return duplicate values for different processes with the same PID if those processes were forked from a common parent (where OpenSSL was first initialized). Since libmongoc uses RAND_bytes to generate session IDs, this could result in an undesirable interaction with retryable writes.
This can be mitigated by implementing a PID check in the OpenSSL implementation of mongoc-rand.h that mixes in additional entropy (e.g. from the current time) if a PID change is detected. The check can be gated to versions of OpenSSL before 1.1.1.
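A model of the collision and of the proposed PID check, added here as an illustration and not taken from libmongoc or OpenSSL: a toy, non-cryptographic generator stands in for the pre-1.1.1 pool whose state is copied by fork(). The names `toy_rng`, `rng_next`, `rng_next_guarded` and `children_collide`, and the sample PIDs and timestamps, are constructed for this example.

```c
#include <stdint.h>
#include <sys/types.h>

/* Toy stand-in for a user-space PRNG pool that fork() duplicates.
 * Assumption of this model: same inherited state + same PID => same output. */
typedef struct {
    uint64_t state;      /* pool state, copied into every forked child */
    pid_t    seeded_pid; /* PID that last mixed entropy into the pool */
} toy_rng;

static uint64_t mix64(uint64_t x) { /* splitmix64 finalizer (a bijection) */
    x ^= x >> 30; x *= 0xbf58476d1ce4e5b9ULL;
    x ^= x >> 27; x *= 0x94d049bb133111ebULL;
    return x ^ (x >> 31);
}

/* Unguarded draw: depends only on the inherited state and the PID. */
uint64_t rng_next(toy_rng *r, pid_t pid) {
    r->state = mix64(r->state + 0x9e3779b97f4a7c15ULL);
    return mix64(r->state ^ (uint64_t)pid);
}

/* Guarded draw: a PID different from the one that seeded the pool means
 * we are in a forked child, so stir in the current time before drawing.
 * With real OpenSSL this step would feed the time to RAND_add(). */
uint64_t rng_next_guarded(toy_rng *r, pid_t pid, uint64_t now_ns) {
    if (pid != r->seeded_pid) {
        r->state = mix64(r->state ^ mix64(now_ns) ^ (uint64_t)pid);
        r->seeded_pid = pid;
    }
    return rng_next(r, pid);
}

/* Two children forked from one parent that received the same recycled PID
 * at different times. Returns 1 if their first outputs are identical. */
int children_collide(int guarded) {
    toy_rng parent = { 0x1234abcdULL, 100 }; /* constructed seed, parent PID */
    toy_rng c1 = parent, c2 = parent;        /* fork() copies the pool state */
    pid_t reused = 4242;                     /* constructed recycled PID */
    uint64_t a, b;
    if (guarded) {
        a = rng_next_guarded(&c1, reused, 1000000000ULL); /* constructed times */
        b = rng_next_guarded(&c2, reused, 1000500000ULL);
    } else {
        a = rng_next(&c1, reused);
        b = rng_next(&c2, reused);
    }
    return a == b;
}
```

Without the guard the two children draw the same value, which is how two processes end up with the same session ID; with the guard the values differ as long as the children observe different clock readings.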
Original Description
The findOneAndUpdate method returns the same result as it did for the process with the same pid.
Tested on:
Mongo:
Replicated cluster with two nodes and one arbiter
MongoDB server versions: v3.6.23, v4.0.24, v4.2.13, v4.4.5 (also tested on v3.4.24 and v3.2.11 but it works fine there)
PHP:
PHP 7.2.34 (NTS)
mongodb/mongodb: 1.6.1
MongoDB extension version => 1.9.1
System:
CentOS Linux release 7.9.2009 (Core)
Linux 3.10.0-1160.el7.x86_64 x86_64
/proc/sys/kernel/pid_max 32768
Related to:
- SERVER-56592 Unexpected results when different commands share the same lsid and txnNumber (Closed)
- CDRIVER-3971 Error if appending an "lsid" field would introduce a duplicate field (Backlog)