Segfault in smbtorture if [/pipe/lsarpc] in binding string

Jelmer Vernooij jelmer at samba.org
Thu Mar 17 21:31:22 GMT 2005


Hi Stefan,

On Sat, Mar 12, 2005 at 09:16:42AM +0100, Stefan (metze) Metzmacher wrote about 'Re: Segfault in smbtorture if [/pipe/lsarpc] in binding string':
> Andrew Bartlett schrieb:
> | While chasing down a problem for VL, I found that we have an
> | uninitialised value in binding->authservice if the pipe is specified.
> |
> | It appears that we only fill in binding->authservice if we need to find
> | the default pipe by looking up the IDL.
> |
> | What is the correct place to hook in this automatic lookup, and should
> | we allow the service to be configured in the binding string somehow?
> |
> | ==12626== Conditional jump or move depends on uninitialised value(s)
> | ==12626==    at 0x823F0CE: dcerpc_bind_auth_password (dcerpc_auth.c:193)
> | ==12626==    by 0x824110C: dcerpc_pipe_auth (dcerpc_util.c:907)
> | ==12626==    by 0x824145F: dcerpc_pipe_connect_ncacn_np
> | (dcerpc_util.c:999)
> | ==12626==    by 0x8241A00: dcerpc_pipe_connect_b (dcerpc_util.c:1183)
> | ==12626==    by 0x8241B5A: dcerpc_pipe_connect (dcerpc_util.c:1231)
> | ==12626==    by 0x805BCAE: torture_rpc_connection (torture.c:140)
> | ==12626==    by 0x82A847B: torture_rpc_lsa (lsa.c:1615)
> | ==12626==    by 0x806201D: run_test (torture.c:2472)
> | ==12626==    by 0x80634F0: main (torture.c:2751)
> First we should just initialize it to NULL, as the gensec backend will use "host" by default then
> Jelmer,
> can you maybe look for a place where this could be configured.
I think dcerpc_binding is the wrong place for authservice (it's also 
not handled by dcerpc_binding_string, so it doesn't work with 
secondary connections). I think it
should rather be a seperate argument to dcerpc_pipe_connect_b() or
part of the cli_credentials struct which still needs to be introduced 
everywhere (see include/credentials.h).

I'd be happy to fix it, if you're ok with that.

Cheers,

Jelmer

-- 
Jelmer Vernooij <jelmer at samba.org> - http://jelmer.vernstok.nl/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.samba.org/archive/samba-technical/attachments/20050317/2273c17c/attachment.bin


More information about the samba-technical mailing list