hadoop-zookeeper-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chris Darroch (JIRA)" <j...@apache.org>
Subject [jira] Updated: (ZOOKEEPER-466) crash on zookeeper_close() when using auth with empty cert
Date Tue, 14 Jul 2009 04:20:15 GMT

     [ https://issues.apache.org/jira/browse/ZOOKEEPER-466?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Chris Darroch updated ZOOKEEPER-466:
------------------------------------

    Attachment: ZOOKEEPER-466.patch

> crash on zookeeper_close() when using auth with empty cert
> ----------------------------------------------------------
>
>                 Key: ZOOKEEPER-466
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-466
>             Project: Zookeeper
>          Issue Type: Bug
>          Components: c client
>    Affects Versions: 3.2.0
>            Reporter: Chris Darroch
>             Fix For: 3.2.1
>
>         Attachments: ZOOKEEPER-466.patch, ZOOKEEPER-466.patch
>
>
> The free_auth_info() function calls deallocate_Buffer(&auth->auth) on every element
in the auth list; that function frees any memory pointed to by auth->auth.buff if that
field is non-NULL.
> In zoo_add_auth(), when certLen is zero (or cert is NULL), auth.buff is set to 0, but
then not assigned to authinfo->auth when auth.buff is NULL.  The result is uninitialized
data in auth->auth.buff in free_auth_info(), and potential crashes.
> The attached patch adds a test which attempts to duplicate this error; it works for me
but may not always on all systems as it depends on the uninitialized data being non-zero;
there's not really a simple way I can see to trigger this in the current test framework. 
The patch also fixes the problem, I believe.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message