This is an automated email from the ASF dual-hosted git repository. mmerli pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/incubator-pulsar.git
The following commit(s) were added to refs/heads/master by this push: new da5b3cd If auth is badly configured in c++, close the connection (#2172) da5b3cd is described below commit da5b3cdf1e6fabbcadf6be4adff7c055e37674f5 Author: Ivan Kelly <iv...@apache.org> AuthorDate: Tue Jul 17 05:51:00 2018 +0100 If auth is badly configured in c++, close the connection (#2172) * If auth is badly configured in c++, close the connection This patch fixes a segfault where, if auth was badly configured, resulting in a null authentication pointer, the client would still try to use it to connect, and as a result, segfault. The patch adds a null check on the authentication object, and a check that the connection object is still valid before initialization of the tcp channel. * formatting errors --- pulsar-client-cpp/lib/ClientConnection.cc | 10 ++++++++++ pulsar-client-cpp/python/pulsar_test.py | 19 ++++++++++++++++++- 2 files changed, 28 insertions(+), 1 deletion(-) diff --git a/pulsar-client-cpp/lib/ClientConnection.cc b/pulsar-client-cpp/lib/ClientConnection.cc index 8d8243c..4e6d0f2 100644 --- a/pulsar-client-cpp/lib/ClientConnection.cc +++ b/pulsar-client-cpp/lib/ClientConnection.cc @@ -160,6 +160,12 @@ ClientConnection::ClientConnection(const std::string& logicalAddress, const std: } } + if (!authentication_) { + LOG_ERROR("Invalid authentication plugin"); + close(); + return; + } + AuthenticationDataPtr authData; if (authentication_->getAuthData(authData) == ResultOk && authData->hasDataForTls()) { std::string tlsCertificates = authData->getTlsCertificates(); @@ -354,6 +360,10 @@ void ClientConnection::handleSentPulsarConnect(const boost::system::error_code& * */ void ClientConnection::tcpConnectAsync() { + if (isClosed()) { + return; + } + boost::system::error_code err; Url service_url; if (!Url::parse(physicalAddress_, service_url)) { diff --git a/pulsar-client-cpp/python/pulsar_test.py b/pulsar-client-cpp/python/pulsar_test.py index 3a5c407..200a107 100755 --- a/pulsar-client-cpp/python/pulsar_test.py +++ b/pulsar-client-cpp/python/pulsar_test.py @@ -24,7 +24,7 @@ import time import os from pulsar import Client, MessageId, \ CompressionType, ConsumerType, PartitionsRoutingMode, \ - AuthenticationTLS + AuthenticationTLS, Authentication from _pulsar import ProducerConfiguration, ConsumerConfiguration @@ -152,6 +152,23 @@ class PulsarTest(TestCase): client.close() + def test_auth_junk_params(self): + certs_dir = '/pulsar/pulsar-broker/src/test/resources/authentication/tls/' + if not os.path.exists(certs_dir): + certs_dir = "../../pulsar-broker/src/test/resources/authentication/tls/" + authPlugin = "someoldjunk.so" + authParams = "blah" + client = Client(self.serviceUrlTls, + tls_trust_certs_file_path=certs_dir + 'cacert.pem', + tls_allow_insecure_connection=False, + authentication=Authentication(authPlugin, authParams)) + try: + client.subscribe('persistent://property/cluster/namespace/my-python-topic-producer-consumer', + 'my-sub', + consumer_type=ConsumerType.Shared) + except: + pass # Exception is expected + def test_message_listener(self): client = Client(self.serviceUrl)