Operational Defect Database

BugZero found this defect 51 days ago.

MongoDB | 2627067

UserCacheInvalidator will always have the outdated _cacheGeneration version

Last update date:

3/29/2024

Affected products:

MongoDB Server

Affected releases:

No affected releases provided.

Fixed releases:

No fixed releases provided.

Description:

Info

When calling UserCacheInvalidator::run() we first get the current version of AuthorizationManager::_cacheGeneration. If this differs from our version, we call invalidateUserCache() and replace our version with the one we collected in the first step. The problem here is that calling invalidateUserCache() updates AuthorizationManager::_cacheGeneration, so the first version we got will no longer be the most up-to-date version.

The current code:

    // We get the current cacheGeneration version.
    auto swCurrentGeneration = getCurrentCacheGeneration(opCtx.get());
    ....
    // We compare it with our version.
    if (swCurrentGeneration.getValue() != _previousGeneration) {
        ...
        // This will generate a new _cacheGeneration, so swCurrentGeneration
        // is no longer the most up-to-date version.
        AuthorizationManager::get(opCtx->getService())->invalidateUserCache();
        ...
        _previousGeneration = swCurrentGeneration.getValue();
    } else {
        // If the above happened once then we will never hit this else statement.
        auto refreshStatus = _authzManager->refreshExternalUsers(opCtx.get());
    }

We should update UserCacheInvalidator::_previousGeneration with the new _cacheGeneration version after calling invalidateUserCache().
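The stale-generation loop described above can be reproduced in a small stand-alone model. This is an added example, not MongoDB source code: ModelAuthzManager, ModelInvalidator and simulate are hypothetical simplifications that keep only the generation counter and the two branches of run().

```cpp
#include <cstdint>
#include <iostream>

// Simplified stand-in for AuthorizationManager (assumption, not the real
// class): only the generation counter and call counters are modelled.
struct ModelAuthzManager {
    std::uint64_t cacheGeneration = 1;
    int invalidations = 0;
    int externalRefreshes = 0;
    std::uint64_t getCacheGeneration() const { return cacheGeneration; }
    void invalidateUserCache() { ++cacheGeneration; ++invalidations; }
    void refreshExternalUsers() { ++externalRefreshes; }
};

// Simplified stand-in for UserCacheInvalidator and its run() loop body.
struct ModelInvalidator {
    ModelAuthzManager& authz;
    bool rereadAfterInvalidate;  // false = behaviour described in the report
    std::uint64_t previousGeneration;
    ModelInvalidator(ModelAuthzManager& a, bool fixed)
        : authz(a), rereadAfterInvalidate(fixed),
          previousGeneration(a.getCacheGeneration()) {}

    void run() {
        const std::uint64_t current = authz.getCacheGeneration();
        if (current != previousGeneration) {
            authz.invalidateUserCache();  // bumps the generation again
            // Report's proposal: store the generation as it is *after* the call.
            previousGeneration =
                rereadAfterInvalidate ? authz.getCacheGeneration() : current;
        } else {
            authz.refreshExternalUsers();
        }
    }
};

// One external invalidation, then `rounds` periodic passes of run().
ModelAuthzManager simulate(bool fixed, int rounds) {
    ModelAuthzManager authz;
    ModelInvalidator inv(authz, fixed);
    authz.invalidateUserCache();  // constructed trigger: a change elsewhere
    for (int i = 0; i < rounds; ++i) inv.run();
    return authz;
}

int main() {
    for (int fixed = 0; fixed < 2; ++fixed) {
        ModelAuthzManager r = simulate(fixed != 0, 5);
        std::cout << (fixed ? "fixed: " : "buggy: ") << "invalidations="
                  << r.invalidations << " externalRefreshes=" << r.externalRefreshes << "\n";
    }
}
```

In the model, the unfixed variant flushes the user cache on every pass and never reaches the refreshExternalUsers() branch, while the variant that re-reads the generation settles after one invalidation.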

Status

Needs Scheduling
