[PATCH] s4:dsdb/common: samdb_result_parameters: fix bug in ldb_val to lsa_BinaryString conversation

Stefan Gohmann gohmann at univention.de
Mon May 26 15:03:48 MDT 2014 

Hi Matthias,

Am 26.05.2014 14:09, schrieb Matthias Dieter Wallnöfer:
> Hi Stefan,
> 
> it seems that no other one responded. I think that this is rather a
> problem with the "userParameters" attribute which we still do not parse
> correctly I think.

thanks. I've re-checked this issue.

In my case the userParameters attribute is 105 bytes long. I think the
problem is that the length is odd and so there is one byte missing.

I was able to reproduce this issue while setting userParameters for a
user to the following value:

userParameters::
Q3R4Q2ZnUHJlc2VudCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgUAIaCAFDdHhDZmdQcmVzZW5045S15pSx5oiw44GiGAgBQ3R4Q2ZnRmxhZ3Mx44Cw44Gm44Cy44C5

and run
  net user /domain username
from a Windows client.

Attached you'll find an updated patch which fixed the problem for me.

Thanks,
Stefan

> Matthias
> 
> Stefan Gohmann schrieb:
>> Hi!
>>
>> We saw this issue in a couple of customer environments. If the user has
>> the attribute 'userParameters' set, the rpc_server got stuck. At least
>> in some cases.
>>
>> The backtrace from the log file:
>>
>>    *** glibc detected *** /usr/sbin/samba: malloc(): memory corruption
>> (fast): 0x00007f08dd7cf760 ***
>>    ======= Backtrace: =========
>>    /lib/libc.so.6(+0x71e16)[0x7f08d7c90e16]
>>    /lib/libc.so.6(+0x7572d)[0x7f08d7c9472d]
>>    /lib/libc.so.6(__libc_malloc+0x70)[0x7f08d7c95c70]
>>    /usr/lib/libtalloc.so.2(_talloc_array+0x1f2)[0x7f08d83a0772]
>>    /usr/lib/libldb.so.1(ldb_unpack_data+0x2a4)[0x7f08d85b9b14]
>>    /usr/lib//ldb/modules/ldb/tdb.so(+0x640f)[0x7f08c2a0a40f]
>>    /usr/lib/libtdb.so.1(tdb_parse_record+0x77)[0x7f08d5c02e27]
>>    /usr/lib//ldb/modules/ldb/tdb.so(ltdb_search_dn1+0xa1)[0x7f08c2a0add1]
>>
>> /usr/lib//ldb/modules/ldb/tdb.so(ltdb_search_indexed+0x11a)[0x7f08c2a0d01a]
>>
>>    /usr/lib//ldb/modules/ldb/tdb.so(ltdb_search+0x11a)[0x7f08c2a0a0ea]
>>    /usr/lib//ldb/modules/ldb/tdb.so(+0x5a98)[0x7f08c2a09a98]
>>
>> /usr/lib/libtevent.so.0(tevent_common_loop_timer_delay+0xe4)[0x7f08d7f89094]
>>
>>    /usr/lib/libtevent.so.0(+0x8fcb)[0x7f08d7f89fcb]
>>    /usr/lib/libtevent.so.0(+0x76d6)[0x7f08d7f886d6]
>>    /usr/lib/libtevent.so.0(_tevent_loop_once+0x9d)[0x7f08d7f848bd]
>>    /usr/lib/libldb.so.1(ldb_wait+0xe5)[0x7f08d85c5195]
>>
>> /usr/lib//samba/libdsdb-module.so(dsdb_module_search_dn+0x1c0)[0x7f08c91ba6d0]
>>
>>
>> /usr/lib//samba/libdsdb-module.so(dsdb_module_find_dsheuristics+0x79)[0x7f08c91ba8a9]
>>
>>
>> /usr/lib//samba/libdsdb-module.so(dsdb_user_password_support+0x3b)[0x7f08c91ba96b]
>>
>>
>> The attached patch fixed the issue for our customer environments.
>>
>> Thanks,
>> Stefan
>>
> 

-- 
Stefan Gohmann
Head of Software Engineering

Univention GmbH
be open.
Mary-Somerville-Str.1
28359 Bremen
Tel. : +49 421 22232-0
Fax :  +49 421 22232-99

gohmann at univention.de
http://www.univention.de

Geschäftsführer: Peter H. Ganten
HRB 20755 Amtsgericht Bremen
Steuer-Nr.: 71-597-02876

  * Englisch - erkannt
  * Englisch
  * Deutsch

  * Englisch
  * Deutsch

 <javascript:void(0);>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-s4-dsdb-common-samdb_result_parameters-fix-bug-in-ld.patch
Type: text/x-patch
Size: 2397 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20140526/8cf1e742/attachment.bin>

More information about the samba-technical mailing list