Type: Bug
Resolution: Done
Priority: Critical - P2
Affects Version/s: None
Component/s: Security
ALL
ISSUE SUMMARY
mongod terminates when certain types of invalid x.509 certificates are provided for client authentication, printing a brief error message in the log:
2014-04-26T19:05:18.243-0400 [conn2] ERROR: Uncaught std::exception: basic_string::substr, terminating
USER IMPACT
Anyone able to establish a connection with the server can crash it by using an invalid or malformed certificate and x.509 authentication. Only mongod servers compiled with SSL and with x.509 authentication enabled are affected by this issue.
WORKAROUNDS
Disable x.509 authentication or use a version of the server without SSL support.
AFFECTED VERSIONS
MongoDB production releases 2.6.0 and 2.6.1 are affected by this issue.
FIX VERSION
The fix is included in the 2.6.2 production release.
RESOLUTION DETAILS
Check for malformed and invalid certificates in the x.509 authentication circuitry.
Original description
mongod may terminate if the x.509 authentication certificate is invalid. The only error reported is the following, just after a client attempts to authenticate:
2014-04-26T19:05:18.243-0400 [conn2] ERROR: Uncaught std::exception: basic_string::substr, terminating
The line of code in question is likely:
https://github.com/mongodb/mongo/blob/1249034444dc146eb6177fbe4845e593b807f84d/src/mongo/db/commands/authentication_commands.cpp#L306
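As an added illustration, not MongoDB's code (the subject format, parsing rule and function names are assumed), this shows how slicing a certificate subject with an unchecked find()/substr() pair raises the uncaught std::out_of_range seen in the log when an expected attribute is missing, beside a checked version that reports failure to the caller the way the resolution describes:

```cpp
#include <stdexcept>
#include <string>

// Hypothetical parser: pull the value of the "CN=" attribute out of a
// subject string such as "CN=client,OU=test,O=MongoDB".
// Unchecked form: substr() receives the raw result of find(). When "CN="
// is absent, find() returns npos and substr(npos) throws std::out_of_range
// (on libstdc++ the message begins with "basic_string::substr"). If nothing
// up the call stack catches it, the process terminates.
std::string extractCommonNameUnchecked(const std::string& subject) {
    std::string::size_type cnPos = subject.find("CN=");
    std::string rest = subject.substr(cnPos);  // throws when cnPos == npos
    std::string::size_type comma = rest.find(',');
    return rest.substr(3, comma == std::string::npos ? std::string::npos
                                                     : comma - 3);
}

// Reports whether the unchecked parser throws for a given subject, i.e.
// the input that an unguarded server would have died on.
bool uncheckedThrows(const std::string& subject) {
    try {
        extractCommonNameUnchecked(subject);
        return false;
    } catch (const std::out_of_range&) {
        return true;
    }
}

// Checked form: every index is validated before it is used to slice, and a
// malformed subject is reported as a plain failure (false) so the caller can
// reject authentication instead of propagating an exception.
bool extractCommonNameChecked(const std::string& subject, std::string& cnOut) {
    std::string::size_type cnPos = subject.find("CN=");
    if (cnPos == std::string::npos) return false;          // attribute missing
    if (cnPos != 0 && subject[cnPos - 1] != ',') return false;  // e.g. "XCN="
    std::string::size_type valueStart = cnPos + 3;         // may equal size()
    std::string::size_type comma = subject.find(',', valueStart);
    std::string value = subject.substr(
        valueStart, comma == std::string::npos ? std::string::npos
                                               : comma - valueStart);
    if (value.empty()) return false;                       // "CN=" with no value
    cnOut = value;
    return true;
}
```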