tarantool / tarantool / 14384818421

push

github

box: fix session use-after-free

If session is created on demand in fiber we delete it when fiber is
stopped. But we do not clear session and credentials in fiber storage.
It is not an issue for standalone fiber (outside of fiber pool) as fiber
will be destroyed or recycled and will not have chance to execute any
code before that. In case of fiber pool it become dangerous as fiber is
reused. Fortunately we never hit this because we either reset session
and credentials at start in code executed in fiber (like in iproto) or
execute code that does not check access (like in vinyl).

Recently we add `tnt_tx_push()` to execute callback in TX. This time
the issue is revealed.

Let's just clear session and credentials in fiber storage when fiber
is stopped.

Closes #11267

NO_DOC=bugfix

70295 of 123997 branches covered (56.69%)

2 of 2 new or added lines in 1 file covered. (100.0%)

103435 of 118236 relevant lines covered (87.48%)

2973617.07 hits per line