system.c bug / possible fix

Jeremy Allison jeremy at
Mon Apr 30 20:24:38 GMT 2001

Elrond wrote:
> Hi everybody,
> system.c (the current version in head 1.66, the version in
> 2.2.0 release, previous version in TNG) has a flaw in the
> getpw*-cache code.
> The general problem was found by Mirko Manea
> <mami at>, who found that using another
> version fixed problems he had with LDAP and nt home
> directories.
> After reading the interesting code many times, I found the
> bug:
> The current code made a copy of the struct passwd returned
> by getpw*(), and since libc might overwrite strings that
> were used in that struct, pw_name and pw_passwd were copied
> into local memory too (and to allow overwriting those
> strings).
> The problem now is that pass->pw_dir (the home dir)
> wasn't copied, but left as a pointer into libc memory. When
> libc was doing a new getpw*, the memory was probably
> overwritten.
> You might ask why THIS error didn't appear in the first
> cache version. Because in that version, a pointer to the
> passwd struct in libc was saved. When libc had read a new
> entry into that memory, the memory ALSO contained a new uid
> and pw_name, which the cache-compare code used and either
> got the right values or a "cache miss".

Very cool Elrond, thanks for spotting the bug. I'm fixing
it in HEAD and 2.2 right now.....

Thanks once again,


Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
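The stale pw_dir pointer Elrond describes can be reproduced in isolation. The following is an added example, not Samba's system.c: fake_getpwnam() is a constructed stand-in for libc that returns static storage the next call overwrites, cache_shallow() copies only pw_name the way the buggy cache did, and cache_deep() copies every string field the caller will read.

```c
/* Added example, not Samba's system.c: a constructed getpwnam() stand-in
 * that, like libc, hands back static storage the next call overwrites. */
#include <stdio.h>
#include <string.h>
#include <pwd.h>

static struct passwd *fake_getpwnam(const char *name)
{
    static char namebuf[32], dirbuf[64];
    static struct passwd pw;
    snprintf(namebuf, sizeof namebuf, "%s", name);
    snprintf(dirbuf, sizeof dirbuf, "/home/%s", name);
    pw.pw_name = namebuf;
    pw.pw_dir = dirbuf;
    return &pw;
}

/* Buggy cache copy: pw_name is duplicated, pw_dir still aliases libc memory. */
static struct passwd *cache_shallow(const struct passwd *src)
{
    static char name[32];
    static struct passwd ret;
    ret = *src;
    snprintf(name, sizeof name, "%s", src->pw_name);
    ret.pw_name = name;
    return &ret;
}

/* Fixed cache copy: every string the caller will read is duplicated too. */
static struct passwd *cache_deep(const struct passwd *src)
{
    static char name[32], dir[64];
    static struct passwd ret;
    ret = *src;
    snprintf(name, sizeof name, "%s", src->pw_name);
    snprintf(dir, sizeof dir, "%s", src->pw_dir);
    ret.pw_name = name; ret.pw_dir = dir;
    return &ret;
}

/* Cache 'first', let a lookup of 'second' clobber the static buffer, then
 * report whether the cached pw_dir still names first's home directory. */
static int home_dir_survives(struct passwd *(*copy)(const struct passwd *),
                             const char *first, const char *second)
{
    struct passwd *cached = copy(fake_getpwnam(first));
    char expected[64];
    snprintf(expected, sizeof expected, "/home/%s", first);
    fake_getpwnam(second);
    return strcmp(cached->pw_dir, expected) == 0;
}
```

With the shallow copy the cached entry for the first user reports the second user's home directory after the next lookup, which is exactly the wrong-home-directory symptom seen with LDAP in the report above.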

More information about the samba-technical mailing list