Posted to commits@nifi.apache.org by ba...@apache.org on 2019/11/21 10:13:25 UTC

[nifi-minifi-cpp] branch master updated: MINIFICPP-1089 - Use after free in RESTSender::sendPayload

This is an automated email from the ASF dual-hosted git repository.

bakaid pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nifi-minifi-cpp.git


The following commit(s) were added to refs/heads/master by this push:
     new 272edb0  MINIFICPP-1089 - Use after free in RESTSender::sendPayload
272edb0 is described below

commit 272edb017feaca22ef6f7789bb3f679239629e5f
Author: Arpad Boda <ab...@apache.org>
AuthorDate: Wed Nov 20 17:23:44 2019 +0100

    MINIFICPP-1089 - Use after free in RESTSender::sendPayload
    
    Signed-off-by: Daniel Bakai <ba...@apache.org>
    
    This closes #686
---
 extensions/http-curl/protocols/RESTSender.cpp | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/extensions/http-curl/protocols/RESTSender.cpp b/extensions/http-curl/protocols/RESTSender.cpp
index 0cf915e..fb46b54 100644
--- a/extensions/http-curl/protocols/RESTSender.cpp
+++ b/extensions/http-curl/protocols/RESTSender.cpp
@@ -93,15 +93,23 @@ const C2Payload RESTSender::sendPayload(const std::string url, const Direction d
   if (url.empty()) {
     return C2Payload(payload.getOperation(), state::UpdateState::READ_ERROR, true);
   }
+
+  // Callback for transmit. Declared in order to destruct in proper order - take care!
+  std::unique_ptr<utils::ByteInputCallBack> input = nullptr;
+  std::unique_ptr<utils::HTTPUploadCallback> callback = nullptr;
+
+  // Callback for transfer. Declared in order to destruct in proper order - take care!
+  std::unique_ptr<utils::FileOutputCallback> file_callback = nullptr;
+  utils::HTTPReadCallback read;
+
+  // Client declared last to make sure calbacks are still available when client is destructed
   utils::HTTPClient client(url, ssl_context_service_);
   client.setKeepAliveProbe(2);
   client.setKeepAliveIdle(2);
   client.setConnectionTimeout(2);
-  std::unique_ptr<utils::ByteInputCallBack> input = nullptr;
-  std::unique_ptr<utils::HTTPUploadCallback> callback = nullptr;
   if (direction == Direction::TRANSMIT) {
     input = std::unique_ptr<utils::ByteInputCallBack>(new utils::ByteInputCallBack());
-    callback = std::unique_ptr<utils::HTTPUploadCallback>(new utils::HTTPUploadCallback);
+    callback = std::unique_ptr<utils::HTTPUploadCallback>(new utils::HTTPUploadCallback());
     input->write(outputConfig);
     callback->ptr = input.get();
     callback->pos = 0;
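Review bot: The lifetime guarantee created by the new declarations ahead of `utils::HTTPClient client(url, ssl_context_service_);` rests only on declaration order, and the comments ("take care!") do not say which object refers to which, so a later reordering could silently bring the use-after-free back. The visible line `callback->ptr = input.get();` shows `callback` holding a raw pointer into `input`, and the client presumably keeps non-owning pointers to `callback`, `file_callback` and `read` (the registration calls are outside this hunk). I would state the invariant explicitly, e.g. `// Invariant: client holds non-owning pointers to callback/read/file_callback; declare them before client so they are destroyed after it.`, and fix the typo "calbacks" in the last comment. A test that drives both the TRANSMIT and TRANSFER paths under AddressSanitizer would catch a regression; sendPayload's body starts and ends outside the hunk.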
@@ -120,8 +128,6 @@ const C2Payload RESTSender::sendPayload(const std::string url, const Direction d
     client.set_request_method("GET");
   }
 
-  std::unique_ptr<utils::FileOutputCallback> file_callback = nullptr;
-  utils::HTTPReadCallback read;
   if (payload.getOperation() == TRANSFER) {
     utils::file::FileManager file_man;
     auto file = file_man.unique_file(true);