You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kudu.apache.org by al...@apache.org on 2022/12/01 16:53:12 UTC
[kudu] branch master updated: [jwt] proper memory ownership for RSA key components
This is an automated email from the ASF dual-hosted git repository.
alexey pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kudu.git
The following commit(s) were added to refs/heads/master by this push:
new e67d5533e [jwt] proper memory ownership for RSA key components
e67d5533e is described below
commit e67d5533e0eadf1b8ece41b44b46f9b55a41d473
Author: Alexey Serbin <al...@apache.org>
AuthorDate: Wed Nov 30 21:30:10 2022 -0800
[jwt] proper memory ownership for RSA key components
This patch corrects the ownership for RSA key's module and exponent in
RSAJWTPublicKeyBuilder::ConvertJwkToPem() for OpenSSL versions prior
to 1.1.0. Prior to this patch, jwt-util-test would crash with SIGSEGV
if compiled and run against earlier OpenSSL versions (e.g. 1.0.1)
*** SIGSEGV (@0x1e800002) received by PID 31969 (TID 0x7f07a0ae5940) from PID 511705090; stack trace: ***
...
@ 0x3ae366ad5d CRYPTO_free at ??:0
@ 0x3ae36a6ef5 BN_free at ??:0
@ 0x7f07a9a44d85 std::_Function_handler<>::_M_invoke() at ??:0
@ 0x7f07a9a4571d std::function<>::operator()() at ??:0
@ 0x7f07a99f42ac std::unique_ptr<>::~unique_ptr() at ??:0
@ 0x7f07a99e6cfa kudu::RSAJWTPublicKeyBuilder::ConvertJwkToPem() at ??:0
@ 0x7f07a99e5910 kudu::RSAJWTPublicKeyBuilder::CreateJWKPublicKey() at ??:0
...
Change-Id: Ib94122eb7221c99ed4997b456cdcea4cd6d5154b
Reviewed-on: http://gerrit.cloudera.org:8080/19292
Tested-by: Kudu Jenkins
Reviewed-by: Zoltan Chovan <zc...@cloudera.com>
Reviewed-by: Attila Bukor <ab...@apache.org>
---
src/kudu/util/jwt-util.cc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/kudu/util/jwt-util.cc b/src/kudu/util/jwt-util.cc
index bf512fd1b..bd928f37d 100644
--- a/src/kudu/util/jwt-util.cc
+++ b/src/kudu/util/jwt-util.cc
@@ -406,8 +406,8 @@ bool RSAJWTPublicKeyBuilder::ConvertJwkToPem(
security::c_unique_ptr<RSA> rsa { RSA_new(), &RSA_free };
#if OPENSSL_VERSION_NUMBER < 0x10100000L
- rsa->n = modul.get();
- rsa->e = expon.get();
+ rsa->n = modul.release();
+ rsa->e = expon.release();
#else
// RSA_set0_key is a new API introduced in OpenSSL version 1.1
RSA_set0_key(rsa.get(), modul.release(), expon.release(), nullptr);