system.c bug / possible fix

Jeremy Allison jeremy at valinux.com
Mon Apr 30 20:24:38 GMT 2001


Elrond wrote:
> 
> Hi everybody,
> 
> system.c (the current version in head 1.66, the version in
> 2.2.0 release, previous version in TNG) has a flaw in the
> getpw*-cache code.
> 
> The general problem was found by Mirko Manea
> <mami at arena.sci.univr.it>, who found that using another
> version fixed problems he had with LDAP and nt home
> directories.
> 
> After reading the interesting code many times, I found the
> bug:
> 
> The current code made a copy of the struct passwd returned
> by getpw*(), and since libc might overwrite strings, that
> were used in that struct, pw_name and pw_passwd were copied
> into local memory too (and to allow overwriting those
> strings).
> 
> The problem is now, that pass->pw_dir (the home dir),
> wasn't copied, but left as pointer into libc-memory. When
> libc was doing a new getpw*, the memory was probably
> overwritten.
> 
> You might ask, why THIS error didn't appear in the first
> cache-version. Because in that version, a pointer to the
> passwd-struct in libc was saved. When libc has read a new
> entry into that memory, the memory ALSO contained a new uid
> and pw_name, which the cache-compare code used and either
> got the right values or a "cache miss".

Very cool Elrond, thanks for spotting the bug. I'm fixing
it in HEAD and 2.2 right now.....

Thanks once again,

	Jeremy.

-- 
--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------
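The failure Elrond describes is a partial deep copy: the struct is copied, two of its string fields are copied into the caller's own storage, but pw_dir is left as a pointer into the static buffer that the next getpw*() call reuses. The program below is an added illustration, not Samba's system.c and not code from this thread. fake_getpwnam(), the two-entry table it reads, copy_partial(), copy_full() and home_after_second_lookup() are all hypothetical names invented here; the stand-in lookup mimics only the one property of libc that matters, a single static result buffer overwritten on every call.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Constructed sample "password database" standing in for /etc/passwd.
 * Not real accounts. */
struct rec { const char *name; uid_t uid; const char *dir; };
static const struct rec db[] = {
    { "alice", 1000, "/home/alice" },
    { "bob",   1001, "/home/bob"   },
};

#define SLOT 64

/* Hypothetical stand-in for getpwnam(): like libc, it hands back a pointer
 * to one static struct passwd whose string fields point into one static
 * buffer, and the next call overwrites both. */
static struct passwd *fake_getpwnam(const char *name)
{
    static struct passwd pw;
    static char buf[5][SLOT];   /* name, passwd, gecos, dir, shell */

    for (size_t i = 0; i < sizeof db / sizeof db[0]; i++) {
        if (strcmp(db[i].name, name) != 0)
            continue;
        memset(&pw, 0, sizeof pw);
        snprintf(buf[0], SLOT, "%s", db[i].name);  pw.pw_name   = buf[0];
        snprintf(buf[1], SLOT, "x");               pw.pw_passwd = buf[1];
        snprintf(buf[2], SLOT, "%s", db[i].name);  pw.pw_gecos  = buf[2];
        snprintf(buf[3], SLOT, "%s", db[i].dir);   pw.pw_dir    = buf[3];
        snprintf(buf[4], SLOT, "/bin/sh");         pw.pw_shell  = buf[4];
        pw.pw_uid = db[i].uid;
        pw.pw_gid = db[i].uid;
        return &pw;
    }
    return NULL;
}

/* The pattern described in the mail: pw_name and pw_passwd are copied into
 * the caller's own storage, but every other char* field (pw_dir included)
 * still points at the lookup function's static buffer. */
static struct passwd *copy_partial(const struct passwd *src)
{
    static struct passwd out;
    static char name[SLOT], passwd[SLOT];

    out = *src;                                   /* copies the pointers */
    snprintf(name, SLOT, "%s", src->pw_name);     out.pw_name   = name;
    snprintf(passwd, SLOT, "%s", src->pw_passwd); out.pw_passwd = passwd;
    return &out;                                  /* out.pw_dir dangles */
}

/* The fix: every string field the caller may read later is copied too. */
static struct passwd *copy_full(const struct passwd *src)
{
    static struct passwd out;
    static char name[SLOT], passwd[SLOT], gecos[SLOT], dir[SLOT], shell[SLOT];

    out = *src;
    snprintf(name, SLOT, "%s", src->pw_name);     out.pw_name   = name;
    snprintf(passwd, SLOT, "%s", src->pw_passwd); out.pw_passwd = passwd;
    snprintf(gecos, SLOT, "%s", src->pw_gecos);   out.pw_gecos  = gecos;
    snprintf(dir, SLOT, "%s", src->pw_dir);       out.pw_dir    = dir;
    snprintf(shell, SLOT, "%s", src->pw_shell);   out.pw_shell  = shell;
    return &out;
}

/* Look up `first`, take a copy with `copier`, then look up `second` (which
 * clobbers the static buffer) and report the pw_dir the copy now shows. */
static const char *home_after_second_lookup(
        struct passwd *(*copier)(const struct passwd *),
        const char *first, const char *second)
{
    struct passwd *p = fake_getpwnam(first);
    if (p == NULL)
        return NULL;
    struct passwd *copy = copier(p);
    fake_getpwnam(second);        /* the "new getpw*" from the mail */
    return copy->pw_dir;
}

int main(void)
{
    printf("partial copy: alice's home now reads %s\n",
           home_after_second_lookup(copy_partial, "alice", "bob"));
    printf("full copy:    alice's home still reads %s\n",
           home_after_second_lookup(copy_full, "alice", "bob"));
    return 0;
}
```

With the partial copy the cached entry for alice reports bob's home directory, which is exactly the wrong-home-directory symptom that showed up with LDAP. Note also why the first, pointer-only cache did not show it: there the cached uid and pw_name were overwritten at the same time as pw_dir, so the cache comparison itself failed and the stale entry was never used.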