From 393d45478178781f1e58b6a1cbf0a2e823f48a15 Mon Sep 17 00:00:00 2001
From: Vladislav Shpilevoy <v.shpilevoy@tarantool.org>
Date: Thu, 31 Oct 2019 22:06:18 +0100
Subject: [PATCH] session: su left dangling credentials object on stack

Box.session.su() worked like following: check user
existence, create its credentials on the stack, check
the function, call the function, destroy the
credentials, restore the old credentials.

After creating the credentials on the stack the
function check could raise a Lua error. It led to the
credentials object not being destroyed. As a result,
user.credentials_list was pointing at invalid memory.

Now there is no errors between creating the temporary
credentials and its destruction.

Closes #4597

(cherry picked from commit 2bb8d1ea1e22e547a5bdbeea0bdafaae2481aea4)
---
 src/box/lua/session.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/box/lua/session.c b/src/box/lua/session.c
index de5eb9adcf..c6a600f6f2 100644
--- a/src/box/lua/session.c
+++ b/src/box/lua/session.c
@@ -189,14 +189,13 @@ lbox_session_su(struct lua_State *L)
 		fiber_set_user(fiber(), &session->credentials);
 		return 0; /* su */
 	}
+	luaL_checktype(L, 2, LUA_TFUNCTION);
 
 	struct credentials su_credentials;
 	struct credentials *old_credentials = fiber()->storage.credentials;
 	credentials_create(&su_credentials, user);
 	fiber()->storage.credentials = &su_credentials;
 
-	/* sudo */
-	luaL_checktype(L, 2, LUA_TFUNCTION);
 	int error = lua_pcall(L, top - 2, LUA_MULTRET, 0);
 	/* Restore the original credentials. */
 	fiber_set_user(fiber(), old_credentials);
-- 
GitLab