Uploaded image for project: 'C Driver'
  1. C Driver
  2. CDRIVER-4694

Do not rely on kms_request_append_payload() to calculate payload length

    • Type: Icon: Bug Bug
    • Resolution: Fixed
    • Priority: Icon: Unknown Unknown
    • 1.24.3
    • Affects Version/s: None
    • Component/s: Authentication
    • None

      Summary

      libmongoc and libmongocrypt have divergent KMS libraries (CDRIVER-4691). If the libraries are built statically (e.g. PHP driver with bundled sources) and libmongocrypt's KMS library is used, mongoc-cluster-aws.c will trigger an assert failure in kms_request_append_payload() (MONGOCRYPT-581). This breaks MONGODB-AWS authentication.

      Independent of a fix in libmongocrypt to relax the assertion logic, libmongoc can work around this by explicitly calculating the payload length instead of passing -1.

      Environment

      Observed building the PHP driver with libmongoc 1.24.1 and libmongocrypt 1.8.1, but the issue goes back to libmongocrypt 1.7.0.

            Assignee:
            jmikola@mongodb.com Jeremy Mikola
            Reporter:
            jmikola@mongodb.com Jeremy Mikola
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: