[zookeeper] branch master updated: ZOOKEEPER-4342: Fix: Robustify C client against errors during SASL negotiation

Wed, 25 Aug 2021 05:14:56 -0700 

This is an automated email from the ASF dual-hosted git repository.

eolivelli pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/zookeeper.git


The following commit(s) were added to refs/heads/master by this push:
     new 06467dc  ZOOKEEPER-4342: Fix: Robustify C client against errors during 
SASL negotiation
06467dc is described below

commit 06467dc8c20e6c7357c19904f6214bb406262ba2
Author: Damien Diederen <[email protected]>
AuthorDate: Wed Aug 25 14:14:22 2021 +0200

    ZOOKEEPER-4342: Fix: Robustify C client against errors during SASL 
negotiation
    
    Before this, the client was ignoring the error field of the response 
header, and only considering SASL-level errors.
    
    This commit makes it consider `hdr.err`.  It also zeroes the `res` data 
structure, to avoid a crash in `deallocate` if `deserialize` is skipped, and 
sets `input_buffer` to `NULL` to avoid a double-free.
    
    (I looked into adding a non-regression test, but doing so requires adding 
quite a bit of infrastructure to the mocks so that the SASL library can be 
correctly initialized.  Punting for now.)
    
    Author: Damien Diederen <[email protected]>
    
    Reviewers: Enrico Olivelli<[email protected]>
    
    Closes #1733 from ztzg/ZOOKEEPER-4342-robustify-c-client-sasl-errors
---
 zookeeper-client/zookeeper-client-c/src/zookeeper.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/zookeeper-client/zookeeper-client-c/src/zookeeper.c 
b/zookeeper-client/zookeeper-client-c/src/zookeeper.c
index 0504a74..0dac4c3 100644
--- a/zookeeper-client/zookeeper-client-c/src/zookeeper.c
+++ b/zookeeper-client/zookeeper-client-c/src/zookeeper.c
@@ -2927,8 +2927,10 @@ static int process_sasl_response(zhandle_t *zh, char 
*buffer, int len)
     struct SetSASLResponse res;
     int rc;
 
+    memset(&res, 0, sizeof(res));
     rc = ia ? ZOK : ZSYSTEMERROR;
     rc = rc < 0 ? rc : deserialize_ReplyHeader(ia, "hdr", &hdr);
+    rc = rc < 0 ? rc : hdr.err;
     rc = rc < 0 ? rc : deserialize_SetSASLResponse(ia, "reply", &res);
     rc = rc < 0 ? rc : zoo_sasl_client_step(zh, res.token.buff, res.token.len);
     deallocate_SetSASLResponse(&res);
@@ -3018,6 +3020,7 @@ static int check_events(zhandle_t *zh, int events)
                 } else {
                     rc = process_sasl_response(zh, zh->input_buffer->buffer, 
zh->input_buffer->curr_offset);
                     free_buffer(zh->input_buffer);
+                    zh->input_buffer = 0;
                     if (rc < 0) {
                         zoo_sasl_mark_failed(zh);
                         return rc;

Reply via email to