-
Type:
Bug
-
Resolution: Fixed
-
Priority:
Major - P3
-
Affects Version/s: None
-
Component/s: None
-
None
-
Server Security
-
Fully Compatible
-
ALL
-
v7.0, v6.0, v5.0, v4.4
-
Security 2023-06-12, Security 2023-06-26, Security 2023-07-10, Security 2023-07-24
-
(copied to CRM)
-
None
-
None
-
None
-
None
-
None
-
None
-
None
WrappedConnection::bindAsUser invokes an underlying LDAP connection's bindAsUser method, by is scheduling a lambda onto an executor which calls the method, and waiting for the resolution of a result future. This future might be resolved by successful conclusion of the lambda, or by a timeout alarm.
Unfortunately, it is possible for the timeout to elapse and for WrappedConnection::bindAsUser to return with a not-OK Status before the lambda completes its execution. This means that reference captured variables used by the lambda might fall out of scope while they are being used.
- is duplicated by
-
SERVER-77502 LDAP connection pool may use dangling reference to bind options after timeout
-
- Closed
-
-
SERVER-75153 Log LDAP disconnect leaks and limit copying of LDAP bind options
-
- Closed
-
- is related to
-
SERVER-77962 Investigate automated injection of faults/delays into promise completion
-
- Open
-