From: Vladislav Shpilevoy
Date: Thu, 31 Oct 2019 22:42:34 +0100
Subject: [Tarantool-patches] [PATCH 3/3] session: su left dangling credentials object on stack
List-Id: Tarantool development patches
To: tarantool-patches@dev.tarantool.org

Box.session.su() worked as follows: check user existence, create its credentials on the stack, check the function, call the function, destroy the credentials, restore the old credentials.

After creating the credentials on the stack the function check could raise a Lua error. It led to the credentials object not being destroyed. As a result, user.credentials_list was pointing at invalid memory.

Now there are no errors between creating the temporary credentials and their destruction.

Closes #4597
--- src/box/lua/session.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/box/lua/session.c b/src/box/lua/session.c index de5eb9adc..c6a600f6f 100644 --- a/src/box/lua/session.c +++ b/src/box/lua/session.c 
@@ -189,14 +189,13 @@ lbox_session_su(struct lua_State *L) fiber_set_user(fiber(), &session->credentials); return 0; /* su */ } + luaL_checktype(L, 2, LUA_TFUNCTION); struct credentials su_credentials; struct credentials *old_credentials = fiber()->storage.credentials; credentials_create(&su_credentials, user); fiber()->storage.credentials = &su_credentials; - /* sudo */ - luaL_checktype(L, 2, LUA_TFUNCTION); int error = lua_pcall(L, top - 2, LUA_MULTRET, 0); /* Restore the original credentials. */ fiber_set_user(fiber(), old_credentials); -- 2.21.0 (Apple Git-122.2)
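Review bot: the relocated luaL_checktype(L, 2, LUA_TFUNCTION) now carries an ordering constraint that nothing in the code states. With the /* sudo */ comment removed and no replacement added, a later edit could put another raising call (any luaL_check* or lua_error path) between credentials_create(&su_credentials, user) and the restore after lua_pcall(), and the stack object would again stay linked in user.credentials_list after the frame is gone. A short comment above the check saying that all argument validation must happen before credentials_create() because a Lua error skips the cleanup would make the invariant visible. The diffstat also shows only src/box/lua/session.c changed, so there is no regression test for #4597; a case that calls box.session.su() with a valid user and a non-function second argument, and then exercises that user's credentials list, would pin the fix.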