config_validation: fix heap-use-after-free. (envoyproxy#5847)

htuch · fredlas · commit b767534fca7a · 2019-03-05T16:21:11.000-05:00
Same issue as in envoyproxy#4940, but on the config_validation side. Risk level: Low Testing: corpus entry added. Signed-off-by: Harvey Tuch <htuch@google.com> Signed-off-by: Fred Douglas <fredlas@google.com>
diff --git a/source/server/config_validation/server.h b/source/server/config_validation/server.h
@@ -154,8 +154,10 @@ class ValidationInstance : Logger::Loggable<Logger::Id::main>,
   AccessLog::AccessLogManagerImpl access_log_manager_;
   std::unique_ptr<Upstream::ValidationClusterManagerFactory> cluster_manager_factory_;
   InitManagerImpl init_manager_;
-  std::unique_ptr<ListenerManagerImpl> listener_manager_;
+  // secret_manager_ must come before listener_manager_, since there may be active filter chains
+  // referencing it, so need to destruct these first.
   std::unique_ptr<Secret::SecretManager> secret_manager_;
+  std::unique_ptr<ListenerManagerImpl> listener_manager_;
   std::unique_ptr<OverloadManager> overload_manager_;
   MutexTracer* mutex_tracer_;
   Http::ContextImpl http_context_;
diff --git a/source/server/server.h b/source/server/server.h
@@ -210,6 +210,8 @@ class InstanceImpl : Logger::Loggable<Logger::Id::main>, public Instance {
   Assert::ActionRegistrationPtr assert_action_registration_;
   ThreadLocal::Instance& thread_local_;
   Api::ApiPtr api_;
+  // secret_manager_ must come before dispatcher_, since there may be active connections
+  // referencing it, so need to destruct these first.
   std::unique_ptr<Secret::SecretManager> secret_manager_;
   Event::DispatcherPtr dispatcher_;
   std::unique_ptr<AdminImpl> admin_;
diff --git a/test/server/server_corpus/clusterfuzz-testcase-minimized-config_fuzz_test-5762646786179072 b/test/server/server_corpus/clusterfuzz-testcase-minimized-config_fuzz_test-5762646786179072
