You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kudu.apache.org by al...@apache.org on 2022/12/01 16:53:12 UTC

[kudu] branch master updated: [jwt] proper memory ownership for RSA key components

This is an automated email from the ASF dual-hosted git repository.

alexey pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kudu.git


The following commit(s) were added to refs/heads/master by this push:
     new e67d5533e [jwt] proper memory ownership for RSA key components
e67d5533e is described below

commit e67d5533e0eadf1b8ece41b44b46f9b55a41d473
Author: Alexey Serbin <al...@apache.org>
AuthorDate: Wed Nov 30 21:30:10 2022 -0800

    [jwt] proper memory ownership for RSA key components
    
    This patch corrects the ownership for RSA key's module and exponent in
    RSAJWTPublicKeyBuilder::ConvertJwkToPem() for OpenSSL versions prior
    to 1.1.0.  Prior to this patch, jwt-util-test would crash with SIGSEGV
    if compiled and run against earlier OpenSSL versions (e.g. 1.0.1)
    
    *** SIGSEGV (@0x1e800002) received by PID 31969 (TID 0x7f07a0ae5940) from PID 511705090; stack trace: ***
        ...
        @       0x3ae366ad5d CRYPTO_free at ??:0
        @       0x3ae36a6ef5 BN_free at ??:0
        @     0x7f07a9a44d85 std::_Function_handler<>::_M_invoke() at ??:0
        @     0x7f07a9a4571d std::function<>::operator()() at ??:0
        @     0x7f07a99f42ac std::unique_ptr<>::~unique_ptr() at ??:0
        @     0x7f07a99e6cfa kudu::RSAJWTPublicKeyBuilder::ConvertJwkToPem() at ??:0
        @     0x7f07a99e5910 kudu::RSAJWTPublicKeyBuilder::CreateJWKPublicKey() at ??:0
        ...
    
    Change-Id: Ib94122eb7221c99ed4997b456cdcea4cd6d5154b
    Reviewed-on: http://gerrit.cloudera.org:8080/19292
    Tested-by: Kudu Jenkins
    Reviewed-by: Zoltan Chovan <zc...@cloudera.com>
    Reviewed-by: Attila Bukor <ab...@apache.org>
---
 src/kudu/util/jwt-util.cc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/kudu/util/jwt-util.cc b/src/kudu/util/jwt-util.cc
index bf512fd1b..bd928f37d 100644
--- a/src/kudu/util/jwt-util.cc
+++ b/src/kudu/util/jwt-util.cc
@@ -406,8 +406,8 @@ bool RSAJWTPublicKeyBuilder::ConvertJwkToPem(
 
   security::c_unique_ptr<RSA> rsa { RSA_new(), &RSA_free };
 #if OPENSSL_VERSION_NUMBER < 0x10100000L
-  rsa->n = modul.get();
-  rsa->e = expon.get();
+  rsa->n = modul.release();
+  rsa->e = expon.release();
 #else
   // RSA_set0_key is a new API introduced in OpenSSL version 1.1
   RSA_set0_key(rsa.get(), modul.release(), expon.release(), nullptr);