config_validation: fix heap-use-after-free. (envoyproxy#5847)

Same issue as in envoyproxy#4940, but on the config_validation side. Risk level: Low Testing: corpus entry added. Signed-off-by: Harvey Tuch <htuch@google.com> Signed-off-by: Fred Douglas <fredlas@google.com>
fredlas · Mar 5, 2019 · b767534 · b767534
1 parent b4437ee
commit b767534
Show file tree

Hide file tree

Showing 3 changed files with 400 additions and 1 deletion.
diff --git a/source/server/config_validation/server.h b/source/server/config_validation/server.h
@@ -154,8 +154,10 @@ class ValidationInstance : Logger::Loggable<Logger::Id::main>,
   AccessLog::AccessLogManagerImpl access_log_manager_;
   std::unique_ptr<Upstream::ValidationClusterManagerFactory> cluster_manager_factory_;
   InitManagerImpl init_manager_;
-  std::unique_ptr<ListenerManagerImpl> listener_manager_;
+  // secret_manager_ must come before listener_manager_, since there may be active filter chains
+  // referencing it, so need to destruct these first.
   std::unique_ptr<Secret::SecretManager> secret_manager_;
+  std::unique_ptr<ListenerManagerImpl> listener_manager_;
   std::unique_ptr<OverloadManager> overload_manager_;
   MutexTracer* mutex_tracer_;
   Http::ContextImpl http_context_;

diff --git a/source/server/server.h b/source/server/server.h
@@ -210,6 +210,8 @@ class InstanceImpl : Logger::Loggable<Logger::Id::main>, public Instance {
   Assert::ActionRegistrationPtr assert_action_registration_;
   ThreadLocal::Instance& thread_local_;
   Api::ApiPtr api_;
+  // secret_manager_ must come before dispatcher_, since there may be active connections
+  // referencing it, so need to destruct these first.
   std::unique_ptr<Secret::SecretManager> secret_manager_;
   Event::DispatcherPtr dispatcher_;
   std::unique_ptr<AdminImpl> admin_;