From: Vladislav Shpilevoy <v.shpilevoy@tarantool.org>
To: tarantool-patches@dev.tarantool.org
Subject: [Tarantool-patches] [PATCH 3/3] session: su left dangling credentials object on stack
Date: Thu, 31 Oct 2019 22:42:34 +0100
Message-ID: <db332f3f69e85d29f6d7e7be95f843db11ce662c.1572558071.git.v.shpilevoy@tarantool.org>
In-Reply-To: <cover.1572558071.git.v.shpilevoy@tarantool.org>

Box.session.su() worked as follows: check user existence, create its credentials on the stack, check the function, call the function, destroy the credentials, restore the old credentials.

After creating the credentials on the stack the function check could raise a Lua error. It led to the credentials object not being destroyed. As a result, user.credentials_list was pointing at invalid memory.

Now there are no errors between creating the temporary credentials and their destruction.

Closes #4597

--- src/box/lua/session.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/box/lua/session.c b/src/box/lua/session.c index de5eb9adc..c6a600f6f 100644 --- a/src/box/lua/session.c +++ b/src/box/lua/session.c @@ -189,14 +189,13 @@ lbox_session_su(struct lua_State *L) fiber_set_user(fiber(), &session->credentials); return 0; /* su */ } + luaL_checktype(L, 2, LUA_TFUNCTION); struct credentials su_credentials; struct credentials *old_credentials = fiber()->storage.credentials; credentials_create(&su_credentials, user); fiber()->storage.credentials = &su_credentials; - /* sudo */ - luaL_checktype(L, 2, LUA_TFUNCTION); int error = lua_pcall(L, top - 2, LUA_MULTRET, 0); /* Restore the original credentials. */ fiber_set_user(fiber(), old_credentials); -- 2.21.0 (Apple Git-122.2)
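Review bot: The ordering constraint this fix relies on is undocumented in lbox_session_su(): luaL_checktype(L, 2, LUA_TFUNCTION) now sits above credentials_create(&su_credentials, user), and the old /* sudo */ marker is removed without a replacement. Nothing in the code tells the next editor that no call able to raise a Lua error may appear between credentials_create() and the restore after lua_pcall(), because such an error would skip the cleanup and leave the stack-allocated su_credentials linked, as the commit message describes. Please add a short comment above credentials_create() stating that invariant. The diffstat also shows only src/box/lua/session.c changed, so there is no regression test for #4597; a test that calls box.session.su() with a non-function second argument and then checks that the user's credentials are still usable would guard against the check being moved back.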