- Type: Bug
- Resolution: Unresolved
- Priority: Major - P3
- Affects Version/s: None
- Component/s: None
The program at https://github.com/p-mongo/tests/blob/master/lmc-empty-bson/test-handle-not-inited.c calls mongocrypt_new and then, without calling mongocrypt_init, it calls mongocrypt_ctx_new and mongocrypt_ctx_decrypt_init. This results in a segfault on my system:
speed% ./test-handle-not-inited
zsh: segmentation fault ./test-handle-not-inited
For reasons described in https://jira.mongodb.org/browse/MONGOCRYPT-241, libmongocrypt segfaulting makes the errors (even if they originate in libmongocrypt consumers rather than libmongocrypt itself) difficult to debug, and can potentially produce DoS on applications.
I believe libmongocrypt should be performing more runtime checks on its data structures, such that it can fail with ordinary errors in cases of misuse rather than cause termination of the process into which it is loaded.
- clones
  - MONGOCRYPT-242 libmongocrypt aborts when mongocrypt_ctx_decrypt_init is called with empty bson string (Backlog)
- related to
  - MONGOCRYPT-241 libmongocrypt uses asserts and terminates application processes (Backlog)
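
The runtime check requested in the description, shown as an added example that is not part of the original report and is not libmongocrypt's code: a handle records whether it was initialized, and a context created from an uninitialized handle carries an error status instead of reaching state that was never set up. All `demo_*` names and the status codes are hypothetical, and the input document is a constructed sample.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical miniature handle/context API (demo_* names are illustrative, not libmongocrypt's). */
typedef enum { DEMO_OK, DEMO_ERR_BAD_ARG, DEMO_ERR_NOT_INITIALIZED, DEMO_ERR_BAD_STATE } demo_status;
typedef struct { bool initialized; unsigned char *key_cache; } demo_crypt; /* key_cache set only by init */
typedef struct { demo_crypt *crypt; demo_status status; } demo_ctx;
demo_crypt *demo_crypt_new(void) { return calloc(1, sizeof(demo_crypt)); }

demo_status demo_crypt_init(demo_crypt *c) {
    if (!c) return DEMO_ERR_BAD_ARG;
    if (c->initialized) return DEMO_ERR_BAD_STATE;      /* double init is misuse too */
    if (!(c->key_cache = calloc(1, 64))) return DEMO_ERR_BAD_STATE;
    c->initialized = true;
    return DEMO_OK;
}

/* Always hand back a context so the caller can read its status; mark it failed if the parent is unusable. */
demo_ctx *demo_ctx_new(demo_crypt *c) {
    demo_ctx *ctx = calloc(1, sizeof *ctx);
    if (!ctx) return NULL;
    ctx->crypt = c;
    ctx->status = !c ? DEMO_ERR_BAD_ARG : c->initialized ? DEMO_OK : DEMO_ERR_NOT_INITIALIZED;
    return ctx;
}

demo_status demo_ctx_decrypt_init(demo_ctx *ctx, const unsigned char *doc, size_t len) {
    if (!ctx) return DEMO_ERR_BAD_ARG;
    if (ctx->status != DEMO_OK) return ctx->status;     /* sticky error: never reach key_cache */
    if (!doc || len < 5) return ctx->status = DEMO_ERR_BAD_ARG; /* smallest BSON document is 5 bytes */
    memset(ctx->crypt->key_cache, 0, 64);               /* NULL dereference if the checks were absent */
    return DEMO_OK;
}

/* Replays the call order from the report; with_init=false skips the init step. */
demo_status demo_replay(bool with_init) {
    static const unsigned char empty_doc[] = {5, 0, 0, 0, 0};   /* constructed sample: empty BSON document */
    demo_crypt *c = demo_crypt_new();
    if (with_init) demo_crypt_init(c);
    demo_ctx *ctx = demo_ctx_new(c);
    demo_status s = demo_ctx_decrypt_init(ctx, empty_doc, sizeof empty_doc);
    if (c) free(c->key_cache);
    free(c); free(ctx);
    return s;
}

int main(void) { printf("no init: %d, init: %d\n", (int)demo_replay(false), (int)demo_replay(true)); return 0; }
```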