[Tarantool-patches] [PATCH 3/3] session: su left dangling credentials object on stack

Vladislav Shpilevoy v.shpilevoy at tarantool.org
Fri Nov 1 00:42:34 MSK 2019


Box.session.su() worked as follows: check user
existence, create its credentials on the stack, check
the function, call the function, destroy the
credentials, restore the old credentials.

After creating the credentials on the stack the
function check could raise a Lua error. It led to the
credentials object not being destroyed. As a result,
user.credentials_list was pointing at invalid memory.

Now there are no errors between creating the temporary
credentials and their destruction.

Closes #4597
---
 src/box/lua/session.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/box/lua/session.c b/src/box/lua/session.c
index de5eb9adc..c6a600f6f 100644
--- a/src/box/lua/session.c
+++ b/src/box/lua/session.c
@@ -189,14 +189,13 @@ lbox_session_su(struct lua_State *L)
 		fiber_set_user(fiber(), &session->credentials);
 		return 0; /* su */
 	}
+	luaL_checktype(L, 2, LUA_TFUNCTION);
 
 	struct credentials su_credentials;
 	struct credentials *old_credentials = fiber()->storage.credentials;
 	credentials_create(&su_credentials, user);
 	fiber()->storage.credentials = &su_credentials;
 
-	/* sudo */
-	luaL_checktype(L, 2, LUA_TFUNCTION);
 	int error = lua_pcall(L, top - 2, LUA_MULTRET, 0);
 	/* Restore the original credentials. */
 	fiber_set_user(fiber(), old_credentials);
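Review bot: the ordering that fixes the bug is left implicit around the credentials_create(&su_credentials, user) line: nothing that can raise a Lua error may sit between it and the restore after lua_pcall(), yet the hunk drops the only comment in that stretch and adds none. A one-line comment above luaL_checktype(L, 2, LUA_TFUNCTION) saying that argument checks must come before credentials_create() because su_credentials lives on the stack would keep a later edit from reintroducing the problem. The diffstat lists only src/box/lua/session.c, so a regression test that calls box.session.su with an existing user and a non-function second argument would be worth adding for #4597.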
-- 
2.21.0 (Apple Git-122.2)
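
The failure mode described in the commit message, reduced to a standalone C sketch (an added example, not part of the patch and not Tarantool code). A raised Lua error unwinds the C stack without running later statements, which is modelled here with longjmp; the list, `check_is_function` and the `su_*` functions are hypothetical stand-ins for `user.credentials_list`, `luaL_checktype` and `lbox_session_su`.

```c
#include <setjmp.h>
#include <stddef.h>

/* Intrusive list standing in for user.credentials_list (hypothetical). */
struct node { struct node *prev, *next; };
static struct node cred_list = { &cred_list, &cred_list };

static void list_add(struct node *n) {
    n->next = cred_list.next; n->prev = &cred_list;
    cred_list.next->prev = n; cred_list.next = n;
}
static void list_del(struct node *n) {
    n->prev->next = n->next; n->next->prev = n->prev;
}
static int list_empty(void) { return cred_list.next == &cred_list; }

static jmp_buf err_env; /* stands in for the Lua error handler */

/* Stand-in for luaL_checktype(): raises via longjmp() on a failed check. */
static void check_is_function(int is_function) {
    if (!is_function) longjmp(err_env, 1);
}

/* Order before the patch: link the stack object, then run the check. */
static void su_before(int is_function) {
    struct node creds;
    list_add(&creds);
    check_is_function(is_function); /* may jump out: list_del() is skipped */
    list_del(&creds);
}

/* Order after the patch: check first, so nothing can raise while linked. */
static void su_after(int is_function) {
    check_is_function(is_function);
    struct node creds;
    list_add(&creds);
    list_del(&creds);
}

/* Returns 1 if the list still references a dead stack frame after an error. */
static int leaves_dangling(void (*su)(int)) {
    cred_list.prev = cred_list.next = &cred_list; /* reset between runs */
    if (setjmp(err_env) == 0)
        su(0); /* constructed input: second argument is not a function */
    return !list_empty();
}

int main(void) {
    return !(leaves_dangling(su_before) == 1 && leaves_dangling(su_after) == 0);
}
```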