Uploaded image for project: 'Libmongocrypt'
  1. Libmongocrypt
  2. MONGOCRYPT-610

Repeated calls of `mongocrypt_setopt_kms_providers` may leak memory

    • Type: Icon: Bug Bug
    • Resolution: Fixed
    • Priority: Icon: Trivial - P5 Trivial - P5
    • 1.9.0, 1.8.3
    • Affects Version/s: None
    • Component/s: None
    • None
    • Not Needed

      Summary

      Calling mongocrypt_setopt_kms_providers twice with an "aws" or "local" does not error, and results in a memory leak.

      {
          mongocrypt_binary_t *bson = TEST_BSON(BSON_STR({"aws" : {"accessKeyId" : "foo", "secretAccessKey" : "bar"}}));
          mongocrypt_t *crypt = mongocrypt_new();
          ASSERT_OK(mongocrypt_setopt_kms_providers(crypt, bson), crypt);
          ASSERT_OK(mongocrypt_setopt_kms_providers(crypt, bson), crypt); // Leaks!
          // Leak is caused by overwrite to {{crypt->opts->kms_providers->aws.secret_access_key}}
          mongocrypt_destroy(crypt);
      }
      

      Calling mongocrypt_setopt_kms_providers twice with "azure", "gcp", or "kmip" results in an expected error:

      // Errors if called multiple times with intersecting providers.
      {
          mongocrypt_binary_t *one = TEST_BSON(BSON_STR({"azure" : {"accessToken" : "foo"}}));
          mongocrypt_binary_t *two = TEST_BSON(BSON_STR({"azure" : {"accessToken" : "bar"}}));
      
          mongocrypt_t *crypt = mongocrypt_new();
          ASSERT_OK(mongocrypt_setopt_kms_providers(crypt, one), crypt);
          ASSERT_FAILS(mongocrypt_setopt_kms_providers(crypt, two), crypt, "already set");
          mongocrypt_destroy(crypt);
      }
      

      Proposal: make configuring "aws" or "local" twice an error for consistency with other KMS providers.

      Background & Motivation

      I expect this to have little to no impact. I expect driver bindings are not calling mongocrypt_setopt_kms_providers more than once, since this is only needed to construct the mongocrypt_t handle.

            Assignee:
            kevin.albertson@mongodb.com Kevin Albertson
            Reporter:
            kevin.albertson@mongodb.com Kevin Albertson
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: