Summary
Calling mongocrypt_setopt_kms_providers twice with an "aws" or "local" provider does not error, and results in a memory leak:
{
    mongocrypt_binary_t *bson = TEST_BSON(BSON_STR({"aws" : {"accessKeyId" : "foo", "secretAccessKey" : "bar"}}));
    mongocrypt_t *crypt = mongocrypt_new();
    ASSERT_OK(mongocrypt_setopt_kms_providers(crypt, bson), crypt);
    ASSERT_OK(mongocrypt_setopt_kms_providers(crypt, bson), crypt); // Leaks!
    // Leak is caused by overwrite to crypt->opts->kms_providers->aws.secret_access_key
    mongocrypt_destroy(crypt);
}
Calling mongocrypt_setopt_kms_providers twice with "azure", "gcp", or "kmip" results in an expected error:
// Errors if called multiple times with intersecting providers.
{
    mongocrypt_binary_t *one = TEST_BSON(BSON_STR({"azure" : {"accessToken" : "foo"}}));
    mongocrypt_binary_t *two = TEST_BSON(BSON_STR({"azure" : {"accessToken" : "bar"}}));
    mongocrypt_t *crypt = mongocrypt_new();
    ASSERT_OK(mongocrypt_setopt_kms_providers(crypt, one), crypt);
    ASSERT_FAILS(mongocrypt_setopt_kms_providers(crypt, two), crypt, "already set");
    mongocrypt_destroy(crypt);
}
Proposal: make configuring "aws" or "local" twice an error for consistency with other KMS providers.
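A self-contained model of the two setter behaviours, added here as an illustration and not libmongocrypt's own code: kms_opts_t, set_aws_leaky, set_aws_checked and live_allocs are hypothetical names standing in for the real crypt->opts->kms_providers fields, and the allocation counter makes the orphaned secret visible without a leak checker.

```c
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>
/* Stand-in for the provider options mongocrypt_setopt_kms_providers fills in
 * (hypothetical names, not libmongocrypt's real structures). */
typedef struct {
    char *aws_secret_access_key; /* owned heap string, NULL until set */
    const char *error;           /* last error message, NULL on success */
} kms_opts_t;
static int live_allocs = 0; /* makes the leak observable without a leak checker */
static char *owned_copy(const char *s) {
    char *copy = malloc(strlen(s) + 1);
    if (copy) { memcpy(copy, s, strlen(s) + 1); live_allocs++; }
    return copy;
}

/* Buggy setter: overwrites the owned pointer, so the first copy is orphaned
 * when the provider is configured a second time (the leak reported above). */
static bool set_aws_leaky(kms_opts_t *o, const char *secret) {
    o->aws_secret_access_key = owned_copy(secret);
    return true;
}

/* Proposed setter: refuse to configure the provider twice, matching the
 * "already set" error the azure/gcp/kmip paths already return. */
static bool set_aws_checked(kms_opts_t *o, const char *secret) {
    if (o->aws_secret_access_key) {
        o->error = "aws already set";
        return false;
    }
    o->aws_secret_access_key = owned_copy(secret);
    return true;
}
static void opts_cleanup(kms_opts_t *o) {
    if (o->aws_secret_access_key) { free(o->aws_secret_access_key); live_allocs--; }
    o->aws_secret_access_key = NULL;
}

/* Configure "aws" twice with the chosen setter, tear down, and report how many
 * allocations are still live: 0 means no leak, 1 means an orphaned secret. */
static int live_after_double_set(bool use_checked) {
    kms_opts_t o = {0};
    bool (*set)(kms_opts_t *, const char *) = use_checked ? set_aws_checked : set_aws_leaky;
    live_allocs = 0;
    set(&o, "foo");
    set(&o, "bar"); /* second call: leaks for set_aws_leaky, fails for set_aws_checked */
    opts_cleanup(&o);
    return live_allocs;
}
```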
Background & Motivation
I expect this to have little to no impact. I expect driver bindings are not calling mongocrypt_setopt_kms_providers more than once, since this is only needed to construct the mongocrypt_t handle.