Michael Ho has uploaded this change for review. ( http://gerrit.cloudera.org:8080/8777
Change subject: IMPALA-6281: Fix use-after-free in InitAuth() ...................................................................... IMPALA-6281: Fix use-after-free in InitAuth() Previously, we implicitly create a local string object created from the char* in argv[0] when calling InitAuth(). This string object goes out of scope once InitAuth() returns but the pointer of this local string's buffer is passed to the Sasl library which may reference it after the local string has been deleted, leading to use-after-free. This change fixes the problem above by passing the char* argv[0] directly into InitAuth() and eventually to the Sasl library which takes a const char* as argument anyway. Testing done: Verified rpc-mgr-test and thrift-server-test no longer fail in ASAN build. Change-Id: I1f29c2396df114264dfc23726b8ba778f50e12e9 --- M be/src/rpc/auth-provider.h M be/src/rpc/authentication.cc M be/src/rpc/rpc-mgr-test.cc M be/src/rpc/thrift-server-test.cc M be/src/transport/TSasl.h 5 files changed, 9 insertions(+), 7 deletions(-) git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/77/8777/1 -- To view, visit http://gerrit.cloudera.org:8080/8777 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: newchange Gerrit-Change-Id: I1f29c2396df114264dfc23726b8ba778f50e12e9 Gerrit-Change-Number: 8777 Gerrit-PatchSet: 1 Gerrit-Owner: Michael Ho <[email protected]>
