Summary

Calling mongocrypt_setopt_kms_providers twice with an "aws" or "local" does not error, and results in a memory leak.

{
    mongocrypt_binary_t *bson = TEST_BSON(BSON_STR({"aws" : {"accessKeyId" : "foo", "secretAccessKey" : "bar"}}));
    mongocrypt_t *crypt = mongocrypt_new();
    ASSERT_OK(mongocrypt_setopt_kms_providers(crypt, bson), crypt);
    ASSERT_OK(mongocrypt_setopt_kms_providers(crypt, bson), crypt); // Leaks!
    // Leak is caused by overwrite to {{crypt->opts->kms_providers->aws.secret_access_key}}
    mongocrypt_destroy(crypt);
}

Calling mongocrypt_setopt_kms_providers twice with "azure", "gcp", or "kmip" results in an expected error:

// Errors if called multiple times with intersecting providers.
{
    mongocrypt_binary_t *one = TEST_BSON(BSON_STR({"azure" : {"accessToken" : "foo"}}));
    mongocrypt_binary_t *two = TEST_BSON(BSON_STR({"azure" : {"accessToken" : "bar"}}));

    mongocrypt_t *crypt = mongocrypt_new();
    ASSERT_OK(mongocrypt_setopt_kms_providers(crypt, one), crypt);
    ASSERT_FAILS(mongocrypt_setopt_kms_providers(crypt, two), crypt, "already set");
    mongocrypt_destroy(crypt);
}

Proposal: make configuring "aws" or "local" twice an error for consistency with other KMS providers.

Background & Motivation

I expect this to have little to no impact. I expect driver bindings are not calling mongocrypt_setopt_kms_providers more than once, since this is only needed to construct the mongocrypt_t handle.

Assignee:: Kevin Albertson

Reporter:: Kevin Albertson

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: Dec 14 2023 03:39:58 PM UTC

Updated:: Dec 20 2023 06:39:30 PM UTC

Resolved:: Dec 20 2023 06:39:24 PM UTC

Details

Description

Summary

Background & Motivation

Attachments

Activity

People

Dates