un-initialised value use in samba3 LDAP group mapping

Adam Tauno Williams awilliam at whitemice.org
Wed Nov 9 14:46:14 MST 2011


On Wed, 2011-11-09 at 08:24 +1100, Andrew Bartlett wrote:
> On Tue, 2011-11-08 at 08:35 -0500, Adam Tauno Williams wrote:
> > On Tue, 2011-11-08 at 23:21 +1100, Andrew Bartlett wrote:
> > > On Mon, 2011-11-07 at 09:39 -0500, Adam Tauno Williams wrote:
> > > > > Output of the valgrind is attached.
> > > > And this one is with the correct path to samba-tool. :)
> > > > valgrind /usr/bin/python /opt/s4/sbin/samba-tool domain samba3upgrade --dbdir=/tmp/x /tmp/x/smb.conf
> > > > > linux-hvej:~ # /opt/s4/sbin/samba --version
> > > > > Version 4.0.0alpha18-GIT-1d53109
> > > Using that git revision and the dataset from 'make test', I can
> > > reproduce (at least as far as an invalid read, but not an un-initialised
> > > read) the issue with the SDDL library, but it appears to be due to
> > > strspn in glibc reading beyond the NULL terminator. 
> > > So, the question really is, what is different about your setup?  
> > > Can you also try with the additional valgrind option --track-origins=yes
> > valgrind --track-origins=yes /usr/bin/python /opt/s4/sbin/samba-tool domain samba3upgrade --dbdir=/tmp/x /tmp/x/smb.conf 2>valgrind.out
> Can you run:
> valgrind --track-origins=yes bin/net groupmap list -s tmp/x/smb.conf 

4.0.0alpha18-GIT-230cd1e no patches

linux-hvej:~/samba-master # valgrind --track-origins=yes bin/net groupmap list -s tmp/x/smb.conf
==2138== Memcheck, a memory error detector
==2138== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==2138== Using Valgrind-3.6.1 and LibVEX; rerun with -h for copyright info
==2138== Command: bin/net groupmap list -s tmp/x/smb.conf
==2138== 
==2138== Invalid free() / delete / delete[]
==2138==    at 0x4C2599C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==2138==    by 0xBF1288A: free_mem (in /lib64/libc-2.11.3.so)
==2138==    by 0xBF12431: __libc_freeres (in /lib64/libc-2.11.3.so)
==2138==    by 0x4A205EC: _vgnU_freeres (in /usr/lib64/valgrind/vgpreload_core-amd64-linux.so)
==2138==    by 0xBE3154C: __run_exit_handlers (in /lib64/libc-2.11.3.so)
==2138==    by 0xBE315F4: exit (in /lib64/libc-2.11.3.so)
==2138==    by 0xBE1AC03: (below main) (in /lib64/libc-2.11.3.so)
==2138==  Address 0x40460f0 is not stack'd, malloc'd or (recently) free'd
==2138== 
==2138== 
==2138== HEAP SUMMARY:
==2138==     in use at exit: 14,094 bytes in 129 blocks
==2138==   total heap usage: 520 allocs, 392 frees, 59,415 bytes allocated
==2138== 
==2138== LEAK SUMMARY:
==2138==    definitely lost: 37 bytes in 4 blocks
==2138==    indirectly lost: 0 bytes in 0 blocks
==2138==      possibly lost: 8,842 bytes in 45 blocks
==2138==    still reachable: 5,215 bytes in 80 blocks
==2138==         suppressed: 0 bytes in 0 blocks
==2138== Rerun with --leak-check=full to see details of leaked memory
==2138== 
==2138== For counts of detected and suppressed errors, rerun with: -v
==2138== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 4 from 4)



