Skip to content

Commit

Permalink
auth: fix NULL pointer access when trying to delete CryptoAESKeyHandl…
Browse files Browse the repository at this point in the history 
…er instance

the caller needs to check the nullity of the parameter before calling
PK11_FreeSymKey or PK11_FreeSlot, otherwise if CryptoAESKeyHandler::init
failed, we will hit a segfault as follows:
  #0  0x00007f76844f5a95 in PK11_FreeSymKey () from /lib64/libnss3.so
  ceph#1  0x00007f76586b6e49 in CryptoAESKeyHandler::~CryptoAESKeyHandler() () from /lib64/librados.so.2
  ceph#2  0x00007f76586b5eea in CryptoAES::get_key_handler(ceph::buffer::ptr const&, std::string&) () from /lib64/librados.so.2
  ceph#3  0x00007f76586b4b9c in CryptoKey::_set_secret(int, ceph::buffer::ptr const&) () from /lib64/librados.so.2
  ceph#4  0x00007f76586b4e95 in CryptoKey::decode(ceph::buffer::list::iterator&) () from /lib64/librados.so.2
  ceph#5  0x00007f76586b7ee6 in KeyRing::set_modifier(char const*, char const*, EntityName&, std::map<std::string, ceph::buffer::list, std::less<std::string>, std::allocator<std::pair<std::string const, ceph::buffer::list> > >&) () from /lib64/librados.so.2
  ceph#6  0x00007f76586b8882 in KeyRing::decode_plaintext(ceph::buffer::list::iterator&) () from /lib64/librados.so.2
  ceph#7  0x00007f76586b9803 in KeyRing::decode(ceph::buffer::list::iterator&) () from /lib64/librados.so.2
  ceph#8  0x00007f76586b9a1f in KeyRing::load(CephContext*, std::string const&) () from /lib64/librados.so.2
  ceph#9  0x00007f76586ba04b in KeyRing::from_ceph_context(CephContext*) () from /lib64/librados.so.2
  ceph#10 0x00007f765852d0cd in MonClient::init() () from /lib64/librados.so.2
  ceph#11 0x00007f76583c15f5 in librados::RadosClient::connect() () from /lib64/librados.so.2
  ceph#12 0x00007f765838cb1c in rados_connect () from /lib64/librados.so.2
  ...

Signed-off-by: runsisi <runsisi@zte.com.cn>
  • Loading branch information
@runsisi
runsisi authored and runsisi committed Oct 24, 2016
1 parent 0e5e33d commit 45fc387
Showing 1 changed file with 4 additions and 2 deletions.
6 changes: 4 additions & 2 deletions src/auth/Crypto.cc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -269,8 +269,10 @@ class CryptoAESKeyHandler : public CryptoKeyHandler {
param(NULL) {}
~CryptoAESKeyHandler() {
SECITEM_FreeItem(param, PR_TRUE);
PK11_FreeSymKey(key);
PK11_FreeSlot(slot);
if (key)
PK11_FreeSymKey(key);
if (slot)
PK11_FreeSlot(slot);
}

int init(const bufferptr& s, ostringstream& err) {
Expand Down

0 comments on commit 45fc387

Please sign in to comment.