...
BugZero found this defect 2721 days ago.
SaslSCRAMSHA1ClientConversations have a SCRAMSecrets which they 'll pull out of the cache. SCRAMSecrets allocate secure storage in their default constructor, so they may be populated. Instead, SaslSCRAMSHA1ClientConversation and the cache should store shared_ptrs to SCRAMSecret.
xgen-internal-githook commented on Tue, 11 Jul 2017 23:02:14 +0000: Author: {u'username': u'spencerjackson', u'name': u'Spencer Jackson', u'email': u'spencer.jackson@mongodb.com'} Message: SERVER-28997: Limit SCRAM-SHA-1 cache's use of Secure Memory (cherry picked from commit 7ca9cebf2623865fd0077f90baf61132d866a674) (cherry picked from commit 8a4d00991cd1721240f13c8713d7d819baa1763e) Branch: v3.2 https://github.com/mongodb/mongo/commit/764b75a48f57c84ea8c0b867b3128e1d8760086a xgen-internal-githook commented on Mon, 19 Jun 2017 15:21:49 +0000: Author: {u'username': u'spencerjackson', u'name': u'Spencer Jackson', u'email': u'spencer.jackson@mongodb.com'} Message: SERVER-28997: Limit SCRAM-SHA-1 cache's use of Secure Memory (cherry picked from commit 7ca9cebf2623865fd0077f90baf61132d866a674) Branch: v3.4 https://github.com/mongodb/mongo/commit/8a4d00991cd1721240f13c8713d7d819baa1763e spencer.jackson@10gen.com commented on Tue, 13 Jun 2017 19:53:11 +0000: victorgp Yes, this ticket will be backported to 3.4. victorgp commented on Mon, 12 Jun 2017 23:04:14 +0000: Is there any chance we will get the backport for 3.4 version? We, at ThousandEyes, are affected by this issue xgen-internal-githook commented on Tue, 16 May 2017 13:46:10 +0000: Author: {u'username': u'spencerjackson', u'name': u'Spencer Jackson', u'email': u'spencer.jackson@mongodb.com'} Message: SERVER-28997: Limit SCRAM-SHA-1 cache's use of Secure Memory Branch: master https://github.com/mongodb/mongo/commit/7ca9cebf2623865fd0077f90baf61132d866a674