[PATCH] Fix possible crash bugs in tdb code.
Andreas Schneider
anschneider at suse.de
Mon Nov 19 16:41:21 GMT 2007
Volker Lendecke wrote:
> On Mon, Nov 19, 2007 at 04:33:18PM +0100, Andreas Schneider wrote:
>>> Can't you fix the callers? Passing NULL as tdb_ctx *should*
>>> IMHO lead to a segfault.
>> here is the fix for the caller.
>
> Hmmmm. How can this happen? Jerry?
>
It looks like it is a corrupted tdb file. At least I see several failing
tdb_read and tdb_free messages in the log files. At some point it segfaulted.
#7 tdb_traverse (tdb=0x0, fn=0x8004dcc0 <traverse_fn>, private_data=0x0) at
tdb/common/traverse.c:236
#8 0x800519d4 in wcache_invalidate_cache () at nsswitch/winbindd_cache.c:2177
#9 0x8003fae7 in msg_reload_services (msg_type=3001, src={pid = 0}, buf=0x0,
len=0, private_data=0x0) at nsswitch/winbindd.c:115
#10 0x80040acf in main (argc=2501900, argv=0xbfe43944, envp=0xbfe43954) at
nsswitch/winbindd.c:892
(gdb) f 8
#8 0x800519d4 in wcache_invalidate_cache () at nsswitch/winbindd_cache.c:2177
2177 tdb_traverse(cache->tdb, traverse_fn, NULL);
(gdb) p domain->name
$4 = "BUILTIN", '\0' <repeats 248 times>
(gdb) p *cache
$5 = {tdb = 0x0}
> Volker
>
>> index a88a061..d11748e 100644
>> --- a/source/nsswitch/winbindd_cache.c
>> +++ b/source/nsswitch/winbindd_cache.c
>> @@ -2165,7 +2165,7 @@ void wcache_invalidate_cache(void)
>>
>> DEBUG(10, ("wcache_invalidate_cache: invalidating cache "
>> "entries for %s\n", domain->name));
>> - if (cache)
>> + if (cache && cache->tdb)
>> tdb_traverse(cache->tdb, traverse_fn, NULL);
>> }
>> }
>> --
>> 1.5.3.4
>>
>
--
Andreas Schneider, SUSE Labs, http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 254 bytes
Desc: OpenPGP digital signature
Url : http://lists.samba.org/archive/samba-technical/attachments/20071119/dc58ab46/signature.bin
More information about the samba-technical
mailing list