Operational Defect Database

BugZero found this defect 2436 days ago.

MongoDB | 398264

[SERVER-29862] Command auth checks behave differently on bad status vs exception

Last update date:

10/27/2023

Affected products:

MongoDB Server

Affected releases:

No affected releases provided.

Fixed releases:

No fixed releases provided.

Description:

Info

In particular, if an exception is thrown from Command::checkAuthForOperation(), we won't log or audit the failure. It seems like the auth code should unify error handling by either converting all statuses to exceptions or vice-versa to ensure uniform handling of failures.

Top User Comments

redbeard0531 commented on Tue, 15 May 2018 18:49:21 +0000: Resolved by the work on SERVER-33881 xgen-internal-githook commented on Thu, 10 May 2018 20:38:52 +0000: Author: {'name': 'Billy Donahue', 'email': 'billy.donahue@mongodb.com', 'username': 'BillyDonahue'} Message: SERVER-34653 linearize control flow in Command::_checkAuthorizationImpl. Also relevant to SERVER-29862. Branch: master https://github.com/mongodb/mongo/commit/e2ff0151038bc01a4e8992169ed37c63de1d5a6a

Additional Resources / Links

Share:

BugZero Risk Score

Coming soon

Status

Closed

Have you been affected by this bug?

cost-cta-background

Do you know how much operational outages are costing you?

Understand the cost to your business and how BugZero can help you reduce those costs.

Discussion

Login to read and write comments.

Have you ever...

had your data corrupted from a

VMware

bug?

Search:

...