Panic in smb_krb5_create_memory_keytab

Andreas Schneider asn at samba.org
Mon Jul 20 13:38:09 UTC 2015


On Monday 20 July 2015 10:33:35 Andreas Schneider wrote:
> On Monday 20 July 2015 10:24:27 Volker Lendecke wrote:
> > On Mon, Jul 20, 2015 at 10:20:05AM +0200, Andreas Schneider wrote:
> > > On Monday 20 July 2015 08:20:46 Volker Lendecke wrote:
> > > > Hi, Andrew!
> > > > 
> > > > Recently I've come across a talloc use-after-free panic in
> > > > smb_krb5_create_memory_keytab in a flaky build. See the attached
> > > > backtrace. If required, I still have the logs.tar.gz around.
> > > 
> > > Hi Volker,
> > > 
> > > I've changed the code in this area, but looking at the function I do not
> > > see how this can happen. I will try to reproduce it here. I think we
> > > need valgrind.
> > 
> > Ok. Sorry for not doing valgrind upfront. I will get back to
> > you when I have had the time to more thoroughly analyse it.
> 
> No problem at all. It is just nothing obvious from looking at the code.
> Alexander and I didn't spot anything. I thought it might be a buffer
> overflow ...
> 
> I've run the test with:
> 
> VALGRIND="valgrind --tool=memcheck -v --num-callers=20 --log-file=$(pwd)/smbtorture.%p.log" make -j test TESTS="samba4.winbind.pac.ad_member.local"
> 
> but it doesn't reveal the issue on my machine :(

I've fixed some issues with error_string in several functions and pushed a 
patch to autobuild.

https://git.samba.org/?p=asn/samba.git;a=commitdiff;h=f9905f2756e9ed1f9c064764c257b102ae0b5411


-- 
Andreas Schneider                   GPG-ID: CC014E3D
Samba Team                             asn at samba.org
www.samba.org



