diff options
| author | Julius Goryavsky <julius.goryavsky@mariadb.com> | 2022-04-18 16:44:28 +0200 |
|---|---|---|
| committer | Julius Goryavsky <julius.goryavsky@mariadb.com> | 2022-05-09 07:55:41 +0200 |
| commit | 0c5d8b87307380d4b53c2267f9a8b56b9b948874 (patch) | |
| tree | 31f8f23e7d70f48806904efc1109e045802114ab | |
| parent | 1146b713b2c6dcc8ce8a18b503241f2aea0abbff (diff) | |
| download | mariadb-git-0c5d8b87307380d4b53c2267f9a8b56b9b948874.tar.gz | |
MDEV-28275: Hashicorp: ASAN heap-use-after-free in get_version()
Passing a string as a parameter by value has been replaced by
passing by reference to avoid using memory after it has been freed.
| -rw-r--r-- | plugin/hashicorp_key_management/hashicorp_key_management_plugin.cc | 41 |
1 files changed, 20 insertions, 21 deletions
diff --git a/plugin/hashicorp_key_management/hashicorp_key_management_plugin.cc b/plugin/hashicorp_key_management/hashicorp_key_management_plugin.cc index f07a1048f7e..f0508576f8b 100644 --- a/plugin/hashicorp_key_management/hashicorp_key_management_plugin.cc +++ b/plugin/hashicorp_key_management/hashicorp_key_management_plugin.cc @@ -517,7 +517,7 @@ static int curl_run (char *url, std::string *response, bool soft_timeout) { const char *err; int err_len; - if (json_get_object_key(res, res + strlen(res), + if (json_get_object_key(res, res + response->size(), "errors", &err, &err_len) == JSV_ARRAY) { const char *ev; @@ -594,8 +594,8 @@ static int hex2buf (unsigned int max_length, unsigned char *dstbuf, return 0; } -static const char * get_data (const std::string response_str, - const char **js, int *js_len) +static int get_data (const std::string &response_str, + const char **js, int *js_len) { const char *response = response_str.c_str(); size_t response_len = response_str.size(); @@ -608,7 +608,7 @@ static const char * get_data (const std::string response_str, my_printf_error(ER_UNKNOWN_ERROR, PLUGIN_ERROR_HEADER "Key not found", ME_ERROR_LOG_ONLY | ME_NOTE); - return NULL; + return 1; } if (json_get_object_key(response, response + response_len, "data", js, js_len) != JSV_OBJECT) @@ -616,13 +616,14 @@ static const char * get_data (const std::string response_str, my_printf_error(ER_UNKNOWN_ERROR, PLUGIN_ERROR_HEADER "Unable to get data object (http response is: %s)", 0, response); - return NULL; + return 2; } - return response; + return 0; } static unsigned int get_version (const char *js, int js_len, - const char *response, int *rc) + const std::string &response_str, + int *rc) { const char *ver; int ver_len; @@ -632,7 +633,7 @@ static unsigned int get_version (const char *js, int js_len, { my_printf_error(ER_UNKNOWN_ERROR, PLUGIN_ERROR_HEADER "Unable to get metadata object (http response is: %s)", - 0, response); + 0, response_str.c_str()); return ENCRYPTION_KEY_VERSION_INVALID; } if (json_get_object_key(ver, ver + ver_len, "version", @@ -640,7 +641,7 @@ static unsigned int get_version (const char *js, int js_len, { my_printf_error(ER_UNKNOWN_ERROR, PLUGIN_ERROR_HEADER "Unable to get version number (http response is: %s)", - 0, response); + 0, response_str.c_str()); return ENCRYPTION_KEY_VERSION_INVALID; } errno = 0; @@ -650,7 +651,7 @@ static unsigned int get_version (const char *js, int js_len, my_printf_error(ER_UNKNOWN_ERROR, PLUGIN_ERROR_HEADER "Integer conversion error (for version number) " "(http response is: %s)", - 0, response); + 0, response_str.c_str()); return ENCRYPTION_KEY_VERSION_INVALID; } *rc = 0; @@ -659,7 +660,7 @@ static unsigned int get_version (const char *js, int js_len, static int get_key_data (const char *js, int js_len, const char **key, int *key_len, - const char *response) + const std::string &response_str) { if (json_get_object_key(js, js + js_len, "data", &js, &js_len) != JSV_OBJECT) @@ -667,7 +668,7 @@ static int get_key_data (const char *js, int js_len, my_printf_error(ER_UNKNOWN_ERROR, PLUGIN_ERROR_HEADER "Unable to get second-level data object " "(http response is: %s)", - 0, response); + 0, response_str.c_str()); return 1; } if (json_get_object_key(js, js + js_len, "data", @@ -675,7 +676,7 @@ static int get_key_data (const char *js, int js_len, { my_printf_error(ER_UNKNOWN_ERROR, PLUGIN_ERROR_HEADER "Unable to get data string (http response is: %s)", - 0, response); + 0, response_str.c_str()); return 1; } return 0; @@ -727,19 +728,18 @@ static unsigned int get_latest_version (unsigned int key_id) } const char *js; int js_len; - const char *response = get_data(response_str, &js, &js_len); - if (response == NULL) + if (get_data(response_str, &js, &js_len)) { return ENCRYPTION_KEY_VERSION_INVALID; } - version = get_version(js, js_len, response, &rc); + version = get_version(js, js_len, response_str, &rc); if (!caching_enabled || rc) { return version; } const char* key; int key_len; - if (get_key_data(js, js_len, &key, &key_len, response)) + if (get_key_data(js, js_len, &key, &key_len, response_str)) { return ENCRYPTION_KEY_VERSION_INVALID; } @@ -809,8 +809,7 @@ static unsigned int get_key_from_vault (unsigned int key_id, } const char *js; int js_len; - const char *response = get_data(response_str, &js, &js_len); - if (response == NULL) + if (get_data(response_str, &js, &js_len)) { return ENCRYPTION_KEY_VERSION_INVALID; } @@ -823,7 +822,7 @@ static unsigned int get_key_from_vault (unsigned int key_id, #endif { int rc; - version = get_version(js, js_len, response, &rc); + version = get_version(js, js_len, response_str, &rc); if (rc) { return version; @@ -845,7 +844,7 @@ static unsigned int get_key_from_vault (unsigned int key_id, #endif const char* key; int key_len; - if (get_key_data(js, js_len, &key, &key_len, response)) + if (get_key_data(js, js_len, &key, &key_len, response_str)) { return ENCRYPTION_KEY_VERSION_INVALID; } |