Patch: Attempt to fix segfaults in push_ucs2_talloc when domain, workgroup etc are NULL in creds
Richard Sharpe
realrichardsharpe at gmail.com
Tue Aug 18 16:32:17 UTC 2015
Hi folks,
the following small piece of Python:
from samba.credentials import Credentials
from samba import param
lp = param.LoadParm()
lp.load("/dev/null")
creds=Credentials()
creds.set_username('administrator')
creds.set_password('the-real-password')
creds.set_domain('WORKGROUP')
creds.set_workstation('RICHARD')
Causes the following segfault:
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff6f2e62f in __strlen_sse42 () from /lib64/libc.so.6
(gdb) where
#0 0x00007ffff6f2e62f in __strlen_sse42 () from /lib64/libc.so.6
#1 0x00007ffff02a5475 in push_ucs2_talloc (ctx=0x708960, dest=0x7089a0,
src=0x0, converted_size=0x7fffffffcfd0)
at ../lib/util/charset/pull_push.c:41
#2 0x00007fffebba9532 in msrpc_gen (mem_ctx=0x707520, blob=0x7fffffffd540,
format=0x7fffe9c4ee0c "CdBBUUUBd") at ../libcli/auth/msrpc_parse.c:75
#3 0x00007fffe9c3db5f in ntlmssp_client_challenge (gensec_security=0x706060,
out_mem_ctx=0x705e20, in=..., out=0x7fffffffd540)
at ../auth/ntlmssp/ntlmssp_client.c:300
#4 0x00007fffe9c3c3bd in gensec_ntlmssp_update (gensec_security=0x706060,
out_mem_ctx=0x705e20, ev=0x6fbf70, input=..., out=0x7fffffffd540)
at ../auth/ntlmssp/ntlmssp.c:163
#5 0x00007fffe9c43e05 in gensec_update_ev (gensec_security=0x706060,
out_mem_ctx=0x705e20, ev=0x6fbf70, in=..., out=0x7fffffffd540)
at ../auth/gensec/gensec.c:235
#6 0x00007fffe9c3858d in gensec_spnego_update (gensec_security=0x7059e0,
out_mem_ctx=0x705e20, ev=0x6fbf70, in=..., out=0x705e70)
at ../auth/gensec/spnego.c:1070
#7 0x00007fffe9c38d93 in gensec_spnego_update_wrapper (
gensec_security=0x7059e0, out_mem_ctx=0x701630, ev=0x6fbf70, in=...,
out=0x7fffffffd730) at ../auth/gensec/spnego.c:1312
#8 0x00007fffe9c43e05 in gensec_update_ev (gensec_security=0x7059e0,
out_mem_ctx=0x701630, ev=0x6fbf70, in=..., out=0x7fffffffd730)
at ../auth/gensec/gensec.c:235
#9 0x00007fffe895d4e3 in ldap_bind_sasl (conn=0x700090, creds=0x6f37a0,
lp_ctx=0x6ea250) at ../source4/libcli/ldap/ldap_bind.c:330
#10 0x00007fffe2d85486 in ildb_connect (ldb=0x6fbc20,
url=0x7ffff7f264ec "ldap://10.4.45.1", flags=0, options=0x0,
_module=0x6fbc20) at ../lib/ldb-samba/ldb_ildap.c:851
#11 0x00007fffee372a06 in ldb_module_connect_backend (ldb=0x6fbc20,
url=0x7ffff7f264ec "ldap://10.4.45.1", options=0x0,
backend_module=0x6fbc20) at ../common/ldb_modules.c:217
#12 0x00007fffee389859 in ldb_connect (ldb=0x6fbc20,
url=0x7ffff7f264ec "ldap://10.4.45.1", flags=<value optimized out>,
options=0x0) at ../common/ldb.c:260
#13 0x00007fffee7a0995 in py_ldb_connect (self=<value optimized out>,
args=<value optimized out>, kwargs=<value optimized out>)
at ../pyldb.c:1071
#14 0x00007ffff7b0c9e4 in PyEval_EvalFrameEx ()
from /usr/lib64/libpython2.6.so.1.0
#15 0x00007ffff7b0e657 in PyEval_EvalCodeEx ()
from /usr/lib64/libpython2.6.so.1.0
Here is a possible fix for it. It is caused because I did not set the
workgroup or workstation parts of the creds:
----------------------------------------
diff --git a/auth/ntlmssp/ntlmssp_client.c b/auth/ntlmssp/ntlmssp_client.c
index f99257d..1f22241 100644
--- a/auth/ntlmssp/ntlmssp_client.c
+++ b/auth/ntlmssp/ntlmssp_client.c
@@ -146,7 +146,7 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *ge
DATA_BLOB encrypted_session_key = data_blob(NULL, 0);
NTSTATUS nt_status;
int flags = 0;
- const char *user, *domain;
+ const char *user, *domain, *workstation;
TALLOC_CTX *mem_ctx = talloc_new(out_mem_ctx);
if (!mem_ctx) {
@@ -224,6 +224,13 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *g
cli_credentials_get_ntlm_username_domain(gensec_security->credentials, m
&user, &domain);
+ workstation = cli_credentials_get_workstation(gensec_security->credentia
+
+ if (user = NULL || domain == NULL || workstation == NULL) {
+ DEBUG(10, ("One or more of user, domain or workstation is NULL\n
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) {
flags |= CLI_CRED_NTLM2;
}
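Review bot: The first term of the new guard, `user = NULL`, is an assignment rather than a comparison. Because `=` binds more loosely than `||`, the condition overwrites `user` with the result of `NULL || domain == NULL || workstation == NULL`. When domain and workstation are both set, `user` ends up NULL and the check passes, so the later use of `user` hits the same NULL dereference this patch is meant to prevent. It should read `if (user == NULL || domain == NULL || workstation == NULL) {`. The early `return NT_STATUS_INVALID_PARAMETER;` also leaves without releasing `mem_ctx`, which was created with `talloc_new(out_mem_ctx)` at the top of the function, so a `talloc_free(mem_ctx);` before the return would be appropriate. Finally, at DEBUG level 10 the message will not be visible in most configurations, and it does not say which of the three values was missing. Naming the missing field at a lower debug level would make the resulting authentication failure easier to diagnose.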
@@ -305,7 +312,7 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *ge
nt_response.data, nt_response.length,
domain,
user,
- cli_credentials_get_workstation(gensec_security->credenti
+ workstation,
encrypted_session_key.data, encrypted_session_key.length,
ntlmssp_state->neg_flags);
if (!NT_STATUS_IS_OK(nt_status)) {
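Review bot: Passing the cached `workstation` here protects only this call site. The backtrace shows the crash inside `push_ucs2_talloc` with `src=0x0`, reached through `msrpc_gen` with format "CdBBUUUBd". Any other `msrpc_gen` caller that passes a NULL string is therefore still exposed to the same `strlen` fault. Consider rejecting NULL in `msrpc_gen` (or `push_ucs2_talloc`) itself, or substituting an empty string there. The commit message should also state which behaviour is intended when the workstation or domain is unset: failing the bind with NT_STATUS_INVALID_PARAMETER, as this patch does, or sending an empty field.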
-------------------------------------
I imagine there will be comments ...
--
Regards,
Richard Sharpe
(What can relieve sorrow? Only Du Kang. -- Cao Cao)