MDEV-28275: Hashicorp: ASAN heap-use-after-free in get_version()

Passing a string as a parameter by value has been replaced by
passing by reference to avoid using memory after it has been freed.

plugin/hashicorp_key_management/hashicorp_key_management_plugin.cc

@@ -517,7 +517,7 @@ static int curl_run (char *url, std::string *response, bool soft_timeout)
     {
       const char *err;
       int err_len;
-      if (json_get_object_key(res, res + strlen(res),
+      if (json_get_object_key(res, res + response->size(),
                               "errors", &err, &err_len) == JSV_ARRAY)
       {
         const char *ev;
@@ -594,8 +594,8 @@ static int hex2buf (unsigned int max_length, unsigned char *dstbuf,
   return 0;
 }
 
-static const char * get_data (const std::string response_str,
-                              const char **js, int *js_len)
+static int get_data (const std::string &response_str,
+                     const char **js, int *js_len)
 {
   const char *response = response_str.c_str();
   size_t response_len = response_str.size();
@@ -608,7 +608,7 @@ static const char * get_data (const std::string response_str,
     my_printf_error(ER_UNKNOWN_ERROR, PLUGIN_ERROR_HEADER
                     "Key not found",
                     ME_ERROR_LOG_ONLY | ME_NOTE);
-    return NULL;
+    return 1;
   }
   if (json_get_object_key(response, response + response_len, "data",
                           js, js_len) != JSV_OBJECT)
@@ -616,13 +616,14 @@ static const char * get_data (const std::string response_str,
     my_printf_error(ER_UNKNOWN_ERROR, PLUGIN_ERROR_HEADER
                     "Unable to get data object (http response is: %s)",
                     0, response);
-    return NULL;
+    return 2;
   }
-  return response;
+  return 0;
 }
 
 static unsigned int get_version (const char *js, int js_len,
-                                 const char *response, int *rc)
+                                 const std::string &response_str,
+                                 int *rc)
 {
   const char *ver;
   int ver_len;
@@ -632,7 +633,7 @@ static unsigned int get_version (const char *js, int js_len,
   {
     my_printf_error(ER_UNKNOWN_ERROR, PLUGIN_ERROR_HEADER
                     "Unable to get metadata object (http response is: %s)",
-                    0, response);
+                    0, response_str.c_str());
     return ENCRYPTION_KEY_VERSION_INVALID;
   }
   if (json_get_object_key(ver, ver + ver_len, "version",
@@ -640,7 +641,7 @@ static unsigned int get_version (const char *js, int js_len,
   {
     my_printf_error(ER_UNKNOWN_ERROR, PLUGIN_ERROR_HEADER
                     "Unable to get version number (http response is: %s)",
-                    0, response);
+                    0, response_str.c_str());
     return ENCRYPTION_KEY_VERSION_INVALID;
   }
   errno = 0;
@@ -650,7 +651,7 @@ static unsigned int get_version (const char *js, int js_len,
     my_printf_error(ER_UNKNOWN_ERROR, PLUGIN_ERROR_HEADER
                     "Integer conversion error (for version number) "
                     "(http response is: %s)",
-                    0, response);
+                    0, response_str.c_str());
     return ENCRYPTION_KEY_VERSION_INVALID;
   }
   *rc = 0;
@@ -659,7 +660,7 @@ static unsigned int get_version (const char *js, int js_len,
 
 static int get_key_data (const char *js, int js_len,
                          const char **key, int *key_len,
-                         const char *response)
+                         const std::string &response_str)
 {
   if (json_get_object_key(js, js + js_len, "data",
                           &js, &js_len) != JSV_OBJECT)
@@ -667,7 +668,7 @@ static int get_key_data (const char *js, int js_len,
     my_printf_error(ER_UNKNOWN_ERROR, PLUGIN_ERROR_HEADER
                     "Unable to get second-level data object "
                     "(http response is: %s)",
-                    0, response);
+                    0, response_str.c_str());
     return 1;
   }
   if (json_get_object_key(js, js + js_len, "data",
@@ -675,7 +676,7 @@ static int get_key_data (const char *js, int js_len,
   {
     my_printf_error(ER_UNKNOWN_ERROR, PLUGIN_ERROR_HEADER
                     "Unable to get data string (http response is: %s)",
-                    0, response);
+                    0, response_str.c_str());
     return 1;
   }
   return 0;
@@ -727,19 +728,18 @@ static unsigned int get_latest_version (unsigned int key_id)
   }
   const char *js;
   int js_len;
-  const char *response = get_data(response_str, &js, &js_len);
-  if (response == NULL)
+  if (get_data(response_str, &js, &js_len))
   {
     return ENCRYPTION_KEY_VERSION_INVALID;
   }
-  version = get_version(js, js_len, response, &rc);
+  version = get_version(js, js_len, response_str, &rc);
   if (!caching_enabled || rc)
   {
     return version;
   }
   const char* key;
   int key_len;
-  if (get_key_data(js, js_len, &key, &key_len, response))
+  if (get_key_data(js, js_len, &key, &key_len, response_str))
   {
      return ENCRYPTION_KEY_VERSION_INVALID;
   }
@@ -809,8 +809,7 @@ static unsigned int get_key_from_vault (unsigned int key_id,
   }
   const char *js;
   int js_len;
-  const char *response = get_data(response_str, &js, &js_len);
-  if (response == NULL)
+  if (get_data(response_str, &js, &js_len))
   {
     return ENCRYPTION_KEY_VERSION_INVALID;
   }
@@ -823,7 +822,7 @@ static unsigned int get_key_from_vault (unsigned int key_id,
 #endif
   {
     int rc;
-    version = get_version(js, js_len, response, &rc);
+    version = get_version(js, js_len, response_str, &rc);
     if (rc)
     {
       return version;
@@ -845,7 +844,7 @@ static unsigned int get_key_from_vault (unsigned int key_id,
 #endif
   const char* key;
   int key_len;
-  if (get_key_data(js, js_len, &key, &key_len, response))
+  if (get_key_data(js, js_len, &key, &key_len, response_str))
   {
      return ENCRYPTION_KEY_VERSION_INVALID;
   }