talloc use after free in samba3upgrade

Andrew Bartlett abartlet at samba.org
Thu Oct 27 16:26:04 MDT 2011


On Thu, 2011-10-27 at 08:40 -0400, Adam Tauno Williams wrote:
> Quoting Adam Tauno Williams <awilliam at whitemice.org>:
> > On Tue, 2011-09-20 at 08:16 -0700, Andrew Bartlett wrote:
> >> On Mon, 2011-09-19 at 22:20 +0200, Pavel Herrmann wrote:
> >> > On Monday 19 of September 2011 16:03:20 Adam Tauno Williams wrote:
> >> > > Quoting Adam Tauno Williams <awilliam at whitemice.org>:
> >> > > linux-hvej:~ # /opt/s4/sbin/samba-tool user setpassword administrator
> >> > > New Password:
> >> > > Changed password OK
> >> > >   --- kinit says my password expired, and can't change it (???
> >> > > linux-hvej:~ # kinit administrator at MICORE.US
> >> > > Password for administrator at MICORE.US:
> >> > > Password expired.  You must change it now.
> >> > > Enter new password:
> >> > > Enter it again:
> >> > > kinit: Password has expired while getting initial credentials
> >> > you can try setting passwords to never expire
> >> > samba-tool pwsettings set --max-pwd-age=0
> >> If this is required, it means that the password policies were not
> >> upgraded correctly.  This was a bug in earlier versions of this tool,
> >> but I thought it had been fixed.
> >> If this is still happening with current GIT, can you get me the ldif of
> >> your domain object?  I want to check that the maxPwdAge is negative
> >> nanoseconds, not positive seconds.  (NTTIME vs unix time).
> > I'll update my git, rebuild, and import again [hopefully today, but it
> > may take a couple of days].
> 
> I finally got back to my AD migration.  After pulling the git and
> rebuilding, the import now fails completely.
> 
> linux-hvej:~ # samba-tool domain samba3upgrade --dbdir=/tmp/x  /tmp/x/smb.conf
> Reading smb.conf
> Provisioning
> no talloc stackframe around, leaking memory
> Exporting account policy
> Exporting groups
> talloc: access after free error - first free may be at ?? [wonky characters]
> Bad talloc magic value - access after free
> Aborted

Can you run it under valgrind, eg:

valgrind /usr/bin/python /usr/local/samba/sbin/samba-tool domain samba3upgrade --dbdir=/tmp/x  /tmp/x/smb.conf

There will be noise from python's own allocation libs, but it should
also give us the clue we need here.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
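
The maxPwdAge check requested in the quoted text above, as an added example that is not part of the original message or of Samba's code: it reads the attribute from an LDIF dump of the domain object and flags a positive (unix-seconds style) value. The LDIF fragments, DNs and function names are constructed for illustration; the script assumes the attribute is stored as a negative count of 100-nanosecond intervals, with 0 or the INT64 minimum treated as no expiry.

```python
import re

TICKS_PER_DAY = 86400 * 10**7      # 100-ns intervals in one day
NEVER = -0x8000000000000000        # INT64 minimum: passwords never expire

# Constructed sample LDIF fragments (not taken from the thread).
GOOD_LDIF = """dn: DC=example,DC=com
objectClass: domainDNS
maxPwdAge: -36288000000000
minPwdAge: -864000000000
"""
BAD_LDIF = """dn: DC=example,DC=com
objectClass: domainDNS
maxPwdAge: 3628800
"""


def read_attr(ldif, name):
    """Return the integer value of a single-valued attribute, or None."""
    pattern = r"^%s:[ \t]*(-?\d+)[ \t]*$" % re.escape(name)
    m = re.search(pattern, ldif, re.M | re.I)
    return int(m.group(1)) if m else None


def classify_max_pwd_age(ldif):
    """Return (status, days) for the maxPwdAge found in an LDIF dump."""
    value = read_attr(ldif, "maxPwdAge")
    if value is None:
        return ("missing", None)
    if value == NEVER or value == 0:
        return ("never-expires", None)
    if value > 0:
        # Positive value: looks like seconds copied over without conversion.
        return ("suspect-positive-seconds", value / 86400)
    return ("ok-negative-interval", -value / TICKS_PER_DAY)


if __name__ == "__main__":
    for label, ldif in (("good", GOOD_LDIF), ("bad", BAD_LDIF)):
        print(label, classify_max_pwd_age(ldif))
```
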
