Panic in smb_krb5_create_memory_keytab
Andreas Schneider
asn at samba.org
Mon Jul 20 08:33:35 UTC 2015
On Monday 20 July 2015 10:24:27 Volker Lendecke wrote:
> On Mon, Jul 20, 2015 at 10:20:05AM +0200, Andreas Schneider wrote:
> > On Monday 20 July 2015 08:20:46 Volker Lendecke wrote:
> > > Hi, Andrew!
> > >
> > > Recently I've come across a talloc use-after-free panic in
> > > smb_krb5_create_memory_keytab in a flaky build. See the attached
> > > backtrace. If required, I still have the logs.tar.gz around.
> >
> > Hi Volker,
> >
> > I've changed the code in this area, but looking at the function I do not
> > see how this can happen. I will try to reproduce it here. I think we need
> > valgrind.
>
> Ok. Sorry for not doing valgrind upfront. I will get back to
> you when I have had the time to more thoroughly analyse it.
No problem at all. It is just nothing obvious from looking at the code.
Alexander and I didn't spot something. I thought it might be a buffer overflow
...
I've run the test with:
VALGRIND="valgrind --tool=memcheck -v --num-callers=20 --log-
file=$(pwd)/smbtorture.%p.log" make -j test
TESTS="samba4.winbind.pac.ad_member.local"
but it doesn't real the issue on my machine :(
--
Andreas Schneider GPG-ID: CC014E3D
Samba Team asn at samba.org
www.samba.org
More information about the samba-technical
mailing list