Michael Ho has uploaded a new patch set (#2). ( http://gerrit.cloudera.org:8080/8777 )
Change subject: IMPALA-6281: Fix use-after-free in InitAuth()
......................................................................

IMPALA-6281: Fix use-after-free in InitAuth()

Previously, we implicitly create a local string object created from
the char* in argv[0] when calling InitAuth(). This string object goes
out of scope once InitAuth() returns but the pointer of this local
string's buffer is passed to the Sasl library which may reference it
after the local string has been deleted, leading to use-after-free.
This bug is exposed by a recent change to enable Kerberos with KRPC as
we now always initialize Sasl even if Kerberos is not enabled.

This change fixes the problem above by making a copy of 'appname'
passed to InitAuth(). Also, the new code enforces that multiple
calls to InitAuth() must use the same 'appname' or it will fail.

Testing done: Verified rpc-mgr-test and thrift-server-test no longer
fail in ASAN build.

Change-Id: I1f29c2396df114264dfc23726b8ba778f50e12e9
---
M be/src/rpc/auth-provider.h
M be/src/rpc/authentication.cc
M be/src/rpc/rpc-mgr-test.cc
M be/src/rpc/thrift-server-test.cc
M be/src/transport/TSasl.h
M common/thrift/generate_error_codes.py
6 files changed, 31 insertions(+), 15 deletions(-)

git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/77/8777/2
--
To view, visit http://gerrit.cloudera.org:8080/8777

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I1f29c2396df114264dfc23726b8ba778f50e12e9
Gerrit-Change-Number: 8777
Gerrit-PatchSet: 2
Gerrit-Owner: Michael Ho <k...@cloudera.com>
Gerrit-Reviewer: Joe McDonnell <joemcdonn...@cloudera.com>
Gerrit-Reviewer: Lars Volker <l...@cloudera.com>
Gerrit-Reviewer: Sailesh Mukil <sail...@cloudera.com>
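
The lifetime bug and the fix described in the commit message above, as an added example that is not part of the original e-mail and is not Impala's code. The names fake_sasl_init, InitAuthBuggy, InitAuthFixed and the sample values are hypothetical, and the stand-in library is assumed to keep the caller's pointer without copying it.

```cpp
#include <cstring>
#include <iostream>
#include <string>

// Hypothetical stand-in for a C library that keeps the caller's pointer
// instead of copying the string (assumption made for this example).
static const char* g_retained_appname = nullptr;
void fake_sasl_init(const char* appname) { g_retained_appname = appname; }

// Pattern from the commit message. Called as InitAuthBuggy(argv[0]), the
// char* is converted to a temporary std::string that is destroyed at the end
// of the calling expression, so the retained pointer dangles afterwards.
// Shown for comparison only; nothing below calls it.
bool InitAuthBuggy(const std::string& appname) {
  fake_sasl_init(appname.c_str());
  return true;
}

// Fixed pattern: copy the name into storage that lives for the whole process
// and fail a later call that passes a different name.
bool InitAuthFixed(const std::string& appname) {
  static std::string stored_appname;  // outlives every caller
  static bool initialized = false;
  if (initialized) return stored_appname == appname;
  stored_appname = appname;
  fake_sasl_init(stored_appname.c_str());
  initialized = true;
  return true;
}

// Returns what the library sees after the caller's temporary is destroyed
// and the caller's own buffer has been overwritten.
std::string RetainedAfterCallerBufferReused() {
  char argv0[] = "impalad";  // constructed sample standing in for argv[0]
  bool ok = InitAuthFixed(argv0);  // temporary std::string dies after this line
  std::memset(argv0, 'X', sizeof(argv0) - 1);
  return ok ? std::string(g_retained_appname) : std::string();
}

int main() {
  std::cout << RetainedAfterCallerBufferReused() << "\n";
  std::cout << InitAuthFixed("impalad") << InitAuthFixed("statestored") << "\n";
  return 0;
}
```

Building a variant that calls InitAuthBuggy and then reads g_retained_appname under AddressSanitizer is the kind of check the commit message's "Testing done" line refers to.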