talloc use after free in samba3upgrade

Adam Tauno Williams awilliam at whitemice.org
Mon Nov 7 07:39:41 MST 2011 

Quoting Adam Tauno Williams <awilliam at whitemice.org>:
> Quoting "Stefan (metze) Metzmacher" <metze at samba.org>:
>> Am 28.10.2011 00:26, schrieb Andrew Bartlett:
>>> On Thu, 2011-10-27 at 08:40 -0400, Adam Tauno Williams wrote:
>>>> Quoting Adam Tauno Williams <awilliam at whitemice.org>:
>>>>> On Tue, 2011-09-20 at 08:16 -0700, Andrew Bartlett wrote:
>>>>>> On Mon, 2011-09-19 at 22:20 +0200, Pavel Herrmann wrote:
>>>>>>> On Monday 19 of September 2011 16:03:20 Adam Tauno Williams wrote:
>>>>>>>> Quoting Adam Tauno Williams <awilliam at whitemice.org>:
>>>>>>>> linux-hvej:~ # /opt/s4/sbin/samba-tool user setpassword administrator
>>>>>>>> New Password:
>>>>>>>> Changed password OK
>>>>>>>>  --- kinit says my password expired, and can't change it (???
>>>>>>>> linux-hvej:~ # kinit administrator at MICORE.US
>>>>>>>> Password for administrator at MICORE.US:
>>>>>>>> Password expired.  You must change it now.
>>>>>>>> Enter new password:
>>>>>>>> Enter it again:
>>>>>>>> kinit: Password has expired while getting initial credentials
>>>>>>> you can try setting passwords to never expir
>>>>>>> samba-tool pwsettings set --max-pwd-age=0
>>>>>> If this is required, it means that the password polices were not
>>>>>> upgraded correctly.  This was a bug in earlier versions of this tool,
>>>>>> but I thought it had been fixed.
>>>>>> If this is still happening with current GIT, can you get me the ldif of
>>>>>> your domain object?  I want to check that the maxPwdAge is is negative
>>>>>> nanoseconds, not positive seconds.  (NTTIME vs unix time).
>>>>> I'll update my git, rebuild, and import again [hopefully today, but it
>>>>> may take a couple of days]
>>>> I finally got back to my AD migration.  After pulling the git and
>>>> rebuilding the import now fails completely.
>>>> linux-hvej:~ # samba-tool domain samba3upgrade --dbdir=/tmp/x   
>>>> /tmp/x/smb.conf
>>>> Reading smb.conf
>>>> Provisioning
>>>> no talloc stackframe around, leaking memory
>>>> Exporting account policy
>>>> Exporting groups
>>>> talloc: access after free error - first free may be at ?? [wonky  
>>>> characters]
>>>> Bad talloc magic value - access after free
>>>> Aborted
>>> Can you run it under valgrind, eg:
>>> valgrind /usr/bin/python /usr/local/samba/sbin/samba-tool domain
>>> samba3upgrade --dbdir=/tmp/x  /tmp/x/smb.conf
>>> There will be noise from python's own allocation libs, but it should
>>> also give us the clue we need here.
> Output of the valgrind is attached.

And this one is with the correct path to samba-tool. :)

valgrind /usr/bin/python /opt/s4/sbin/samba-tool domain samba3upgrade  
--dbdir=/tmp/x  /tmp/x/smb.conf



> linux-hvej:~ # /opt/s4/sbin/samba --version
> Version 4.0.0alpha18-GIT-1d53109


-------------- next part --------------
A non-text attachment was scrubbed...
Name: valgrind.out
Type: application/octet-stream
Size: 151955 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20111107/9585749a/attachment-0001.obj>

More information about the samba-technical mailing list