loadPluggableSecManager needs to handle nullptr ISecManager return values
Description
If a security manager plugin fails to instantiate an ISecManager instance and returns nullptr, the nullptr is returned by loadPluggableSecManager to EspHttpBinding::EspHttpBinding. The binding assumes that the presence of a security manager configuration implies a non-NULL return and immediately dereferences the pointer - resulting in a segmentation fault.
loadPluggableSecManager already throws exceptions, instead of returning NULL, if it cannot call the plugin. It needs to throw an exception if the plugin returns NULL.
Conclusion
None
Activity
Show:
Russ Whitehead January 5, 2017 at 9:09 PM
Replacing with 6.4.0 PR
Fixed
Pinned fields
Click on the next to a field label to start pinning.
If a security manager plugin fails to instantiate an ISecManager instance and returns nullptr, the nullptr is returned by loadPluggableSecManager to EspHttpBinding::EspHttpBinding. The binding assumes that the presence of a security manager configuration implies a non-NULL return and immediately dereferences the pointer - resulting in a segmentation fault.
loadPluggableSecManager already throws exceptions, instead of returning NULL, if it cannot call the plugin. It needs to throw an exception if the plugin returns NULL.