un-initialised value use in samba3 LDAP group mapping

Andrew Bartlett abartlet at samba.org
Tue Nov 8 14:24:22 MST 2011


On Tue, 2011-11-08 at 08:35 -0500, Adam Tauno Williams wrote:
> On Tue, 2011-11-08 at 23:21 +1100, Andrew Bartlett wrote:
> > On Mon, 2011-11-07 at 09:39 -0500, Adam Tauno Williams wrote:
> > > > Output of the valgrind is attached.
> > > And this one is with the correct path to samba-tool. :)
> > > valgrind /usr/bin/python /opt/s4/sbin/samba-tool domain samba3upgrade  
> > > --dbdir=/tmp/x  /tmp/x/smb.conf
> > > > linux-hvej:~ # /opt/s4/sbin/samba --version
> > > > Version 4.0.0alpha18-GIT-1d53109
> > Using that git revision and the dataset from 'make test', I can
> > reproduce (at least as far as an invalid read, but not an un-initialised
> > read) the issue with the SDDL library, but it appears to be due to
> > strspn in glibc reading beyond the NULL terminator. 
> > So, the question really is, what is different about your setup?  
> > Can you also try with the additional valgrind option --track-origins=yes
> 
> valgrind --track-origins=yes /usr/bin/python /opt/s4/sbin/samba-tool
> domain samba3upgrade --dbdir=/tmp/x  /tmp/x/smb.conf 2>valgrind.out

Can you run:
valgrind --track-origins=yes bin/net groupmap list -s tmp/x/smb.conf 

Also, can you run both commands at some point before commit
995d1567265be178b4e45f79ea4562a7041ffa52, as I think there may be an
issue with the change to remove fstrings from the struct GROUP_MAP.

The problem we have here is that the LDAP backend is not tested in 'make
test', and so is tricky to avoid regressions with. 

I've also attached two patches to (I hope) fix the issue, if you could
please test them.  

Thanks,

Andrew Bartlett
-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-s3-passdb-Initialise-the-correct-level-of-pointer-de.patch
Type: text/x-patch
Size: 932 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20111109/41502e81/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-s3-py_passdb-Ensure-that-group-mapping-list-input-is.patch
Type: text/x-patch
Size: 946 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20111109/41502e81/attachment-0001.bin>

