C Driver / CDRIVER-4699

Memory leak in scram authentication upon connection retry

    • Type: Bug
    • Resolution: Fixed
    • Priority: Unknown
    • 1.24.3
    • Affects Version/s: 1.24.2
    • Component/s: Authentication
    • None

      Summary

      When a mongo client is created with a connection string having an invalid port and with serverSelectionTryOnce=false, the string scram->auth_message is overwritten during the retry attempt, which leads to a memory leak.

      This was detected using Visual Leak Detector.

      Environment

      C driver version 1.23.2

      Windows 10 64-bit x86

      Compiled the C driver with VS2022, which is probably not a supported VS version, but the issue should be reproducible with lower versions of VS too.

      #define MONGOC_ENABLE_CRYPTO 1

      All settings are default settings while compiling the driver.

      A MongoDB server is not required to see the memory leak.

      How to Reproduce

      Example code to reproduce this issue is given after the steps.

      1. Create a mongo client with a connection string having login details of a user to be authenticated with SCRAM 256. The connection string should have serverSelectionTryOnce=false, and should have a port on which no server is running, so that mongoc would retry the connection.
      2. Run a simple ping command using mongoc_client_command_simple().
      3. Observe that the string scram->auth_message is overwritten during the retry without being freed first.

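      bson_error_t error;
      /* validHostname and invalidPort are placeholders: use a port on which no server is listening. */
      mongoc_client_t* test_client = mongoc_client_new("mongodb://userName:userPwd@validHostname:invalidPort/DbName?serverSelectionTryOnce=false");
      bson_t reply, *command = BCON_NEW("ping", BCON_INT32(1));
      /* The ping goes through server selection, which retries because serverSelectionTryOnce=false. */
      bool retval = mongoc_client_command_simple(test_client, "admin", command, NULL, &reply, &error);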

      Additional Background

      Please see Visual Leak Detector call stack in the attached text file.

            Assignee:
            kevin.albertson@mongodb.com Kevin Albertson
            Reporter:
            mandeepx81@yahoo.co.in Mandeep Singh
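
The leak pattern the report describes, reduced to a stand-alone model (an added example, not libmongoc code and not the fix that was shipped): a state object reused across retries overwrites its auth_message pointer, so every retry but the last loses one buffer. The struct, the helper names and the message contents are assumptions made for illustration; only the field name auth_message comes from the report.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model of the pattern in the report; not libmongoc code.
 * Only the field name auth_message comes from the report. */
typedef struct { char *auth_message; } demo_scram_t;

static long live_allocs; /* buffers allocated and not yet freed */

static char *tracked_strdup(const char *s) {
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (!p) abort();
    memcpy(p, s, n);
    live_allocs++;
    return p;
}

static void tracked_free(char *p) {
    if (p) { free(p); live_allocs--; }
}

/* One authentication attempt. With free_previous == 0 the pointer from the
 * previous attempt is overwritten and lost, as the report describes. */
static void demo_attempt(demo_scram_t *s, int attempt, int free_previous) {
    char msg[64];
    snprintf(msg, sizeof msg, "n=user,r=nonce-%d", attempt); /* constructed value */
    if (free_previous) tracked_free(s->auth_message);
    s->auth_message = tracked_strdup(msg);
}

/* Runs `attempts` attempts on one state object, tears it down, and returns
 * how many buffers are still allocated afterwards (0 means no leak). */
long demo_leaked_after(int attempts, int free_previous) {
    demo_scram_t s = { NULL };
    live_allocs = 0;
    for (int i = 0; i < attempts; i++) demo_attempt(&s, i, free_previous);
    tracked_free(s.auth_message); /* teardown can only free the last buffer */
    s.auth_message = NULL;
    return live_allocs;
}

int main(void) {
    printf("overwrite on retry: %ld leaked\n", demo_leaked_after(5, 0));
    printf("free before reuse:  %ld leaked\n", demo_leaked_after(5, 1));
    return 0;
}
```

A single attempt never leaks in this model, which is why the problem only shows up once retries are enabled.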