[ https://issues.apache.org/jira/browse/ZOOKEEPER-466?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12738965#action_12738965 ]
Hudson commented on ZOOKEEPER-466:
----------------------------------

Integrated in ZooKeeper-trunk #404 (See [http://hudson.zones.apache.org/hudson/job/ZooKeeper-trunk/404/])
. crash on zookeeper_close() when using auth with empty cert

> crash on zookeeper_close() when using auth with empty cert
> ----------------------------------------------------------
>
>                 Key: ZOOKEEPER-466
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-466
>             Project: Zookeeper
>          Issue Type: Bug
>          Components: c client
>    Affects Versions: 3.2.0
>            Reporter: Chris Darroch
>            Assignee: Chris Darroch
>             Fix For: 3.2.1, 3.3.0
>
>         Attachments: ZOOKEEPER-466.patch
>
>
> The free_auth_info() function calls deallocate_Buffer(&auth->auth) on every
> element in the auth list; that function frees any memory pointed to by
> auth->auth.buff if that field is non-NULL.
> In zoo_add_auth(), when certLen is zero (or cert is NULL), auth.buff is set
> to 0, but then not assigned to authinfo->auth when auth.buff is NULL. The
> result is uninitialized data in auth->auth.buff in free_auth_info(), and
> potential crashes.
> The attached patch adds a test which attempts to duplicate this error; it
> works for me but may not always on all systems as it depends on the
> uninitialized data being non-zero; there's not really a simple way I can see
> to trigger this in the current test framework. The patch also fixes the
> problem, I believe.
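
The failure mode described in the issue, as an added example: this is a simplified model, not the ZooKeeper C client's code and not the attached patch. The struct layout, add_auth(), poisoned_malloc(), dealloc_would_free() and release() are hypothetical names, and the poison fill stands in for the non-zero uninitialized heap data that the reporter says the crash depends on.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified stand-ins; field names follow the issue text. */
struct buffer { int len; char *buff; };
typedef struct auth_info { struct buffer auth; } auth_info;

/* Constructed helper: malloc() plus a poison fill, so the "uninitialized"
 * bytes are deterministically non-zero rather than depending on heap state. */
static void *poisoned_malloc(size_t n) {
    void *p = malloc(n);
    if (p) memset(p, 0xA5, n);
    return p;
}

/* always_assign == 0: the pattern from the issue (copy only if buff != NULL).
 * always_assign == 1: hardened form, auth is stored on every path. */
static auth_info *add_auth(const char *cert, int certLen, int always_assign) {
    struct buffer auth = { 0, NULL };
    auth_info *ai = poisoned_malloc(sizeof *ai);
    if (ai == NULL) return NULL;
    if (cert != NULL && certLen > 0) {
        auth.buff = malloc((size_t)certLen);
        if (auth.buff == NULL) { free(ai); return NULL; }
        memcpy(auth.buff, cert, (size_t)certLen);
        auth.len = certLen;
    }
    if (always_assign || auth.buff != NULL)
        ai->auth = auth;              /* skipped for an empty cert when 0 */
    return ai;
}

/* Mirrors the deallocation rule in the issue: buff is freed if non-NULL. */
static int dealloc_would_free(const auth_info *ai) {
    return ai->auth.buff != NULL;
}

/* Demo cleanup: free buff only when the caller knows it is a real allocation. */
static void release(auth_info *ai, int buff_is_valid) {
    if (buff_is_valid) free(ai->auth.buff);
    free(ai);
}

int main(void) {
    auth_info *bad = add_auth(NULL, 0, 0), *good = add_auth(NULL, 0, 1);
    if (bad == NULL || good == NULL) return 2;
    int rc = !(dealloc_would_free(bad) == 1 && dealloc_would_free(good) == 0);
    release(bad, 0); release(good, 0);
    return rc;
}
```

Zero-initializing the allocation (calloc) would also close the gap; either way, building the client with a sanitizer such as MemorySanitizer or running the test under Valgrind makes this class of bug fail deterministically instead of depending on heap contents.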