patch: fix use after free in rdhttp.c

tarantool · Feb 15, 2023 · 7b20672 · 7b20672
1 parent b892514
commit 7b20672
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 0 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -60,6 +60,7 @@ if(STATIC_BUILD)
         COMMAND       patch -d <SOURCE_DIR> -p1 -i "${PATCHES_DIR}/librdkafka-tarantool-security-52.patch"
         COMMAND       patch -d <SOURCE_DIR> -p1 -i "${PATCHES_DIR}/librdkafka-tarantool-security-55.patch"
         COMMAND       patch -d <SOURCE_DIR> -p1 -i "${PATCHES_DIR}/librdkafka-tarantool-security-70.patch"
+        COMMAND       patch -d <SOURCE_DIR> -p1 -i "${PATCHES_DIR}/librdkafka-tarantool-security-36.patch"
     )
 
     add_library(librdkafka_static INTERFACE)

diff --git a/patches/librdkafka-tarantool-security-36.patch b/patches/librdkafka-tarantool-security-36.patch
@@ -0,0 +1,12 @@
+diff --git a/src/rdhttp.c b/src/rdhttp.c
+index dca6c6f8..5a290c5b 100644
+--- a/src/rdhttp.c
++++ b/src/rdhttp.c
+@@ -345,6 +345,7 @@ rd_http_error_t *rd_http_post_expect_json(rd_kafka_t *rk,
+
+                 /* Retry */
+                 rd_http_error_destroy(herr);
++                herr = 0;
+                 rd_usleep(retry_ms * 1000 * (i + 1), &rk->rk_terminate);
+         }
+