Uploaded image for project: 'ZooKeeper'
  1. ZooKeeper
  2. ZOOKEEPER-466

crash on zookeeper_close() when using auth with empty cert

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.2.0
    • Fix Version/s: 3.2.1, 3.3.0
    • Component/s: c client
    • Labels:
      None
    • Hadoop Flags:
      Reviewed
    • Release Note:
      Fixes crash in zookeeper_close() when zoo_add_auth() used with empty cert string.

      Description

      The free_auth_info() function calls deallocate_Buffer(&auth->auth) on every element in the auth list; that function frees any memory pointed to by auth->auth.buff if that field is non-NULL.

      In zoo_add_auth(), when certLen is zero (or cert is NULL), auth.buff is set to 0, but then not assigned to authinfo->auth when auth.buff is NULL. The result is uninitialized data in auth->auth.buff in free_auth_info(), and potential crashes.

      The attached patch adds a test which attempts to duplicate this error; it works for me but may not always on all systems as it depends on the uninitialized data being non-zero; there's not really a simple way I can see to trigger this in the current test framework. The patch also fixes the problem, I believe.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                cdarroch Chris Darroch
                Reporter:
                cdarroch Chris Darroch
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: