Core Server / SERVER-13753

mongod may terminate if x.509 authentication certificate is invalid

      Issue Status as of May 29, 2014

      ISSUE SUMMARY
      mongod terminates when certain types of invalid x.509 certificates are provided for client authentication, printing a brief error message in the log:

      2014-04-26T19:05:18.243-0400 [conn2] ERROR: Uncaught std::exception: basic_string::substr, terminating
      

      USER IMPACT
      Anyone able to establish a connection with the server can crash it by using an invalid or malformed certificate and x.509 authentication. Only mongod servers compiled with SSL and with x.509 authentication enabled are affected by this issue.

      WORKAROUNDS
      Disable x.509 authentication or use a version of the server without SSL support.

      AFFECTED VERSIONS
      MongoDB production releases 2.6.0 and 2.6.1 are affected by this issue.

      FIX VERSION
      The fix is included in the 2.6.2 production release.

      RESOLUTION DETAILS
      The x.509 authentication code now checks for malformed and invalid certificates.
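
For triage on an affected 2.6.0 or 2.6.1 host, the crash line quoted in the summary can be tied back to the peer that opened the connection. This is an added example, not code from the issue or from MongoDB; the sample log is constructed, and the "connection accepted" and "MongoDB starting" line layouts are assumed to be those of a default 2.6 log.

```python
import re

# Constructed sample log. Only the ERROR line text comes from the issue;
# addresses, pid and host are made up for illustration.
SAMPLE_LOG = """\
2014-04-26T19:05:17.901-0400 [initandlisten] connection accepted from 192.0.2.10:51544 #1 (1 connection now open)
2014-04-26T19:05:18.120-0400 [initandlisten] connection accepted from 198.51.100.7:40212 #2 (2 connections now open)
2014-04-26T19:05:18.243-0400 [conn2] ERROR: Uncaught std::exception: basic_string::substr, terminating
2014-04-26T19:06:02.004-0400 [initandlisten] MongoDB starting : pid=4242 port=27017 dbpath=/data/db 64-bit host=db1
"""

ACCEPT = re.compile(r"^(\S+) \[initandlisten\] connection accepted from (\S+) #(\d+) ")
CRASH = re.compile(
    r"^(\S+) \[conn(\d+)\] ERROR: Uncaught std::exception: basic_string::substr, terminating"
)
STARTUP = re.compile(r"^\S+ \[initandlisten\] MongoDB starting ")


def find_crashes(lines):
    """Return one record per crash line, with the peer address of that connection."""
    peers = {}    # connection number -> remote address for the current process
    crashes = []
    for line in lines:
        if STARTUP.match(line):
            peers.clear()    # connection numbers start again after a restart
            continue
        m = ACCEPT.match(line)
        if m:
            peers[m.group(3)] = m.group(2)
            continue
        m = CRASH.match(line)
        if m:
            ts, conn = m.groups()
            crashes.append({"time": ts, "conn": conn, "peer": peers.get(conn, "unknown")})
    return crashes


if __name__ == "__main__":
    for c in find_crashes(SAMPLE_LOG.splitlines()):
        print(f"{c['time']} conn{c['conn']} from {c['peer']}: mongod terminated")
```

A peer of "unknown" means the matching "connection accepted" line was rotated out or belongs to an earlier process lifetime.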

      Original description

      mongod may terminate if x.509 authentication certificate is invalid. The only error reported is the following, just after a client attempts to authenticate:

      2014-04-26T19:05:18.243-0400 [conn2] ERROR: Uncaught std::exception: basic_string::substr, terminating
      

      Line of code in question is likely:
      https://github.com/mongodb/mongo/blob/1249034444dc146eb6177fbe4845e593b807f84d/src/mongo/db/commands/authentication_commands.cpp#L306

      Assignee: Andreas Nilsson (andreas.nilsson)
      Reporter: David Hows (david.hows)