SERVER-20740: Check exceptions in SASL callbacks

1 files changed, 41 insertions, 30 deletions

diff --git a/src/mongo/client/cyrus_sasl_client_session.cpp b/src/mongo/client/cyrus_sasl_client_session.cpp
index 7fe8896588c..503a41303ac 100644
--- a/src/mongo/client/cyrus_sasl_client_session.cpp
+++ b/src/mongo/client/cyrus_sasl_client_session.cpp
@@ -111,7 +111,7 @@ MONGO_INITIALIZER(CyrusSaslAllocatorsAndMutexes)(InitializerContext*) {
     return Status::OK();
 }
 
-int saslClientLogSwallow(void* context, int priority, const char* message) {
+int saslClientLogSwallow(void* context, int priority, const char* message) throw() {
     return SASL_OK;  // do nothing
 }
 
@@ -157,27 +157,31 @@ MONGO_INITIALIZER_WITH_PREREQUISITES(CyrusSaslClientContext,
  * the same.  These correspond to SASL_CB_AUTHNAME and SASL_CB_USER.
  */
 int saslClientGetSimple(void* context, int id, const char** result, unsigned* resultLen) throw() {
-    CyrusSaslClientSession* session = static_cast<CyrusSaslClientSession*>(context);
-    if (!session || !result)
-        return SASL_BADPARAM;
-
-    CyrusSaslClientSession::Parameter requiredParameterId;
-    switch (id) {
-        case SASL_CB_AUTHNAME:
-        case SASL_CB_USER:
-            requiredParameterId = CyrusSaslClientSession::parameterUser;
-            break;
-        default:
+    try {
+        CyrusSaslClientSession* session = static_cast<CyrusSaslClientSession*>(context);
+        if (!session || !result)
+            return SASL_BADPARAM;
+
+        CyrusSaslClientSession::Parameter requiredParameterId;
+        switch (id) {
+            case SASL_CB_AUTHNAME:
+            case SASL_CB_USER:
+                requiredParameterId = CyrusSaslClientSession::parameterUser;
+                break;
+            default:
+                return SASL_FAIL;
+        }
+
+        if (!session->hasParameter(requiredParameterId))
             return SASL_FAIL;
-    }
-
-    if (!session->hasParameter(requiredParameterId))
+        StringData value = session->getParameter(requiredParameterId);
+        *result = value.rawData();
+        if (resultLen)
+            *resultLen = static_cast<unsigned>(value.size());
+        return SASL_OK;
+    } catch (...) {
         return SASL_FAIL;
-    StringData value = session->getParameter(requiredParameterId);
-    *result = value.rawData();
-    if (resultLen)
-        *resultLen = static_cast<unsigned>(value.size());
-    return SASL_OK;
+    }
 }
 
 /**
@@ -188,18 +192,25 @@ int saslClientGetPassword(sasl_conn_t* conn,
                           void* context,
                           int id,
                           sasl_secret_t** outSecret) throw() {
-    CyrusSaslClientSession* session = static_cast<CyrusSaslClientSession*>(context);
-    if (!session || !outSecret)
-        return SASL_BADPARAM;
-
-    sasl_secret_t* secret = session->getPasswordAsSecret();
-    if (secret == NULL) {
-        sasl_seterror(conn, 0, "No password data provided");
+    try {
+        CyrusSaslClientSession* session = static_cast<CyrusSaslClientSession*>(context);
+        if (!session || !outSecret)
+            return SASL_BADPARAM;
+
+        sasl_secret_t* secret = session->getPasswordAsSecret();
+        if (secret == NULL) {
+            sasl_seterror(conn, 0, "No password data provided");
+            return SASL_FAIL;
+        }
+
+        *outSecret = secret;
+        return SASL_OK;
+    } catch (...) {
+        StringBuilder sb;
+        sb << "Caught unhandled exception in saslClientGetSimple: " << exceptionToStatus().reason();
+        sasl_seterror(conn, 0, sb.str().c_str());
         return SASL_FAIL;
     }
-
-    *outSecret = secret;
-    return SASL_OK;
 }
 }  // namespace