[PATCH] Do not leave random talloc magic in free()'ed memory
Stefan Metzmacher
metze at samba.org
Fri Jan 12 07:21:47 UTC 2018
Hi Andrew,
I saw these patches in your current autobuild.
I tried to pick them for 4.8.0 (including talloc-2.1.11),
but it failed locally with:
[2(1)/2 at 0s] samba4.local.talloc
talloc: access after free error - first free may be at
../lib/talloc/talloc.c:1978_talloc_realloc
Bad talloc magic value - access after free
UNEXPECTED(error): samba4.local.talloc.magic_free_protection(none)
REASON: Exception: Exception: Test was never started
UNEXPECTED(error): samba4.local.talloc.magic_protection(none)
(samba.subunit.RemotedTestCase)
REASON: was started but never finished!
UNEXPECTED(error): samba4.local.talloc.talloc(none)
(samba.subunit.RemotedTestCase)
REASON: was started but never finished!
I don't think we need this for 4.8.0rc1.
metze
Am 08.01.2018 um 05:38 schrieb Andrew Bartlett via samba-technical:
> On Thu, 2017-12-21 at 20:13 +1300, Andrew Bartlett via samba-technical
> wrote:
>> G'Day,
>>
>> I've been thinking about ways that our talloc magic protection might be
>> avoided and reading the magic from memory that has recently been
>> free()ed would be a good attack.
>>
>> So this patch marks this memory with a fixed magic. All valid use of
>> memory still uses the random magic.
>>
>> This passed a full autobuild.
>>
>> Please carefully review!
>>
>> On my re-look it might need to tweak talloc_chunk_from_ptr() a little
>> (when other flags could be set), but I would like other thoughts too!
>
> Attached is a revised set of patches, which removes the
> talloc_abort_magic() branch as I can't see how it is usefully
> triggered.
>
> Clearly this needs very careful review.
>
> Andrew Bartlett
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20180112/5235de57/signature.sig>
More information about the samba-technical
mailing list