talloc use after free in samba3upgrade

Andrew Bartlett abartlet at samba.org
Tue Nov 8 02:45:01 MST 2011 

On Mon, 2011-11-07 at 09:39 -0500, Adam Tauno Williams wrote:
> Quoting Adam Tauno Williams <awilliam at whitemice.org>:
> > Quoting "Stefan (metze) Metzmacher" <metze at samba.org>:
> >> Am 28.10.2011 00:26, schrieb Andrew Bartlett:
> >>> On Thu, 2011-10-27 at 08:40 -0400, Adam Tauno Williams wrote:
> >>>> Quoting Adam Tauno Williams <awilliam at whitemice.org>:
> >>>>> On Tue, 2011-09-20 at 08:16 -0700, Andrew Bartlett wrote:
> >>>>>> On Mon, 2011-09-19 at 22:20 +0200, Pavel Herrmann wrote:
> >>>>>>> On Monday 19 of September 2011 16:03:20 Adam Tauno Williams wrote:
> >>>>>>>> Quoting Adam Tauno Williams <awilliam at whitemice.org>:
> >>>>>>>> linux-hvej:~ # /opt/s4/sbin/samba-tool user setpassword administrator
> >>>>>>>> New Password:
> >>>>>>>> Changed password OK
> >>>>>>>>  --- kinit says my password expired, and can't change it (???
> >>>>>>>> linux-hvej:~ # kinit administrator at MICORE.US
> >>>>>>>> Password for administrator at MICORE.US:
> >>>>>>>> Password expired.  You must change it now.
> >>>>>>>> Enter new password:
> >>>>>>>> Enter it again:
> >>>>>>>> kinit: Password has expired while getting initial credentials
> >>>>>>> you can try setting passwords to never expir
> >>>>>>> samba-tool pwsettings set --max-pwd-age=0
> >>>>>> If this is required, it means that the password polices were not
> >>>>>> upgraded correctly.  This was a bug in earlier versions of this tool,
> >>>>>> but I thought it had been fixed.
> >>>>>> If this is still happening with current GIT, can you get me the ldif of
> >>>>>> your domain object?  I want to check that the maxPwdAge is is negative
> >>>>>> nanoseconds, not positive seconds.  (NTTIME vs unix time).
> >>>>> I'll update my git, rebuild, and import again [hopefully today, but it
> >>>>> may take a couple of days]
> >>>> I finally got back to my AD migration.  After pulling the git and
> >>>> rebuilding the import now fails completely.
> >>>> linux-hvej:~ # samba-tool domain samba3upgrade --dbdir=/tmp/x   
> >>>> /tmp/x/smb.conf
> >>>> Reading smb.conf
> >>>> Provisioning
> >>>> no talloc stackframe around, leaking memory
> >>>> Exporting account policy
> >>>> Exporting groups
> >>>> talloc: access after free error - first free may be at ?? [wonky  
> >>>> characters]
> >>>> Bad talloc magic value - access after free
> >>>> Aborted
> >>> Can you run it under valgrind, eg:
> >>> valgrind /usr/bin/python /usr/local/samba/sbin/samba-tool domain
> >>> samba3upgrade --dbdir=/tmp/x  /tmp/x/smb.conf
> >>> There will be noise from python's own allocation libs, but it should
> >>> also give us the clue we need here.
> > Output of the valgrind is attached.
> 
> And this one is with the correct path to samba-tool. :)
> 
> valgrind /usr/bin/python /opt/s4/sbin/samba-tool domain samba3upgrade  
> --dbdir=/tmp/x  /tmp/x/smb.conf
> 
> 
> 
> > linux-hvej:~ # /opt/s4/sbin/samba --version
> > Version 4.0.0alpha18-GIT-1d53109

I've stared at the logs, and even with that exact GIT version, I can't
make sense of what is wrong here.  I want to see this fixed, but I'm a
bit stumped. 

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba-technical mailing list