Details
- Bug
- Status: Resolved
- Major
- Resolution: Fixed
- 1.14.0
- None
Description
sasl_client_new does not copy its callback argument array, so it ends up holding a pointer to transient stack memory.
debraj92 will be supplying a patch to resolve this issue. This patch moves the callbacks array into the member variable m_callbacks, which has the same lifetime as the SASL impl instance and thus remains valid until the end of that instance's life.
Trace:
#0 0x00000080 in ?? ()
#1 0xb38c04bc in _sasl_canon_user () from libdrillClient.so
#2 0xb38c0611 in _sasl_canon_user_lookup () from libdrillClient.so
#3 0xb2c0824e in gssapi_client_mech_step () from /usr/lib/sasl2/libgssapiv2.so
#4 0xb38ad244 in sasl_client_step () from libdrillClient.so
#5 0xb37fddde in Drill::SaslAuthenticatorImpl::step(exec::shared::SaslMessage const&, exec::shared::SaslMessage&) const () from libdrillClient.so
#6 0xb37bdf16 in Drill::DrillClientImpl::processSaslChallenge(Drill::AllocatedBuffer*, Drill::rpc::InBoundRpcMessage const&) () from libdrillClient.so
#7 0xb37bfa17 in Drill::DrillClientImpl::handleRead(unsigned char*, boost_sb::system::error_code const&, unsigned int) () from libdrillClient.so
#8 0xb37c0955 in boost_sb::detail::function::void_function_obj_invoker2<boost_sb::_bi::bind_t<void, boost_sb::_mfi::mf3<void, Drill::DrillClientImpl, unsigned char*, boost_sb::system::error_code const&, unsigned int>, boost_sb::_bi::list4<boost_sb::_bi::value<Drill::DrillClientImpl*>, boost_sb::_bi::value<unsigned char*>, boost_sb::arg<1> (*)(), boost_sb::arg<2> (*)()> >, void, boost_sb::system::error_code const&, unsigned int>::invoke(boost_sb::detail::function::function_buffer&, boost_sb::system::error_code const&, unsigned int) () from libdrillClient.so
#9 0xb378f17d in boost_sb::function2<void, boost_sb::system::error_code const&, unsigned int>::operator()(boost_sb::system::error_code const&, unsigned int) const () from libdrillClient.so
#10 0xb3799bc8 in boost_sb::asio::detail::read_op<Drill::Socket, boost_sb::asio::mutable_buffers_1, boost_sb::asio::mutable_buffer const*, boost_sb::asio::detail::transfer_all_t, boost_sb::function<void (boost_sb::system::error_code const&, unsigned int)> >::operator()(boost_sb::system::error_code const&, unsigned int, int) () from libdrillClient.so
#11 0xb379a1c3 in boost_sb::asio::detail::reactive_socket_recv_op<boost_sb::asio::mutable_buffers_1, boost_sb::asio::detail::read_op<Drill::Socket, boost_sb::asio::mutable_buffers_1, boost_sb::asio::mutable_buffer const*, boost_sb::asio::detail::transfer_all_t, boost_sb::function<void (boost_sb::system::error_code const&, unsigned int)> > >::do_complete(void*, boost_sb::asio::detail::scheduler_operation*, boost_sb::system::error_code const&, unsigned int) () from libdrillClient.so
#12 0xb3788fb8 in boost_sb::asio::detail::epoll_reactor::descriptor_state::do_complete(void*, boost_sb::asio::detail::scheduler_operation*, boost_sb::system::error_code const&, unsigned int) () from libdrillClient.so
#13 0xb3791948 in boost_sb::asio::io_context::run() () from libdrillClient.so
#14 0xb37c0e67 in boost_sb::detail::thread_data<boost_sb::_bi::bind_t<unsigned int, boost_sb::_mfi::mf0<unsigned int, boost_sb::asio::io_context>, boost_sb::_bi::list1<boost_sb::_bi::value<boost_sb::asio::io_context*> > > >::run() () from libdrillClient.so
#15 0xb3825f5a in thread_proxy () from libdrillClient.so
#16 0xb6730b3c in start_thread () from /lib/libpthread.so.0
#17 0xb64db44e in clone () from /lib/libc.so.6
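The lifetime problem and the member-array fix described above, shown side by side as an added example; this is not the Drill client's code or the patch itself. `cb_t`, `conn_t`, `mock_client_new`, `mock_client_step`, `init_with_stack_array` and `MemberAuth` are hypothetical stand-ins, and the only behaviour assumed of the library is what the description states: it keeps the caller's array pointer without copying.

```cpp
#include <cstdint>
#include <string>
#include <utility>
// Mock C library (hypothetical names): like sasl_client_new as described on
// this page, mock_client_new keeps the caller's array pointer without copying.
struct cb_t { unsigned long id; int (*proc)(void* ctx, std::string* out); void* ctx; };
constexpr unsigned long CB_END = 0, CB_USER = 1;
struct conn_t { const cb_t* callbacks = nullptr; };
void mock_client_new(const cb_t* cbs, conn_t* conn) { conn->callbacks = cbs; }

// Called later, the way sasl_client_step is in the trace: walks the kept array.
int mock_client_step(const conn_t* conn, std::string* user) {
    for (const cb_t* cb = conn->callbacks; cb->id != CB_END; ++cb)
        if (cb->id == CB_USER) return cb->proc(cb->ctx, user);
    return -1;
}
int get_user(void* ctx, std::string* out) { *out = *static_cast<std::string*>(ctx); return 0; }

// BEFORE (shape of the bug): the array is a local, so conn->callbacks dangles
// once this returns. Never call mock_client_step on a conn set up this way.
void init_with_stack_array(conn_t* conn, std::string* user) {
    cb_t callbacks[] = { {CB_USER, get_user, user}, {CB_END, nullptr, nullptr} };
    mock_client_new(callbacks, conn);
}

// AFTER (shape of the fix): m_callbacks is a member and lives as long as m_conn.
class MemberAuth {
public:
    explicit MemberAuth(std::string user) : m_user(std::move(user)) {
        m_callbacks[0] = {CB_USER, get_user, &m_user};
        m_callbacks[1] = {CB_END, nullptr, nullptr};
        mock_client_new(m_callbacks, &m_conn);
    }
    // A copy or assignment would leave m_conn pointing into the other object.
    MemberAuth(const MemberAuth&) = delete;
    MemberAuth& operator=(const MemberAuth&) = delete;
    int step(std::string* out) const { return mock_client_step(&m_conn, out); }
    bool callbacks_owned() const {  // true if the kept pointer lies inside *this
        auto p = reinterpret_cast<std::uintptr_t>(m_conn.callbacks);
        auto base = reinterpret_cast<std::uintptr_t>(this);
        return p >= base && p < base + sizeof(*this);
    }
private:
    std::string m_user;
    cb_t m_callbacks[2];
    conn_t m_conn;
};
int main() { std::string u; MemberAuth a("alice"); return a.callbacks_owned() && a.step(&u) == 0 ? 0 : 1; }
```

Deleting the copy operations matters for the same reason as the fix: a copied object would carry a connection whose callback pointer still refers to the source object's array.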