net-ads-search crashes when tokengroups attribute is requested

Isaac Boukris iboukris at gmail.com
Tue Jan 23 07:51:33 UTC 2018


On Tue, Jan 23, 2018 at 3:10 AM, Jeremy Allison <jra at samba.org> wrote:
> On Tue, Jan 23, 2018 at 01:23:46AM +0200, Isaac Boukris wrote:
>> On Tue, Jan 23, 2018 at 12:27 AM, Jeremy Allison <jra at samba.org> wrote:
>> > On Mon, Jan 22, 2018 at 11:44:03PM +0200, Isaac Boukris wrote:
>> >> On Mon, Jan 22, 2018 at 9:11 PM, Jeremy Allison <jra at samba.org> wrote:
>> >> > On Mon, Jan 22, 2018 at 01:00:31PM +0200, Isaac Boukris via samba-technical wrote:
>> >> >> I guess this constructed attribute isn't supported, though it still
>> >> >> shouldn't crash (git master).
>> >> >
>> >> > Can you run this under valgrind and make it crash? I'd be really interested
>> >> > to see the output from that.
>> >>
>> >> Right! With valgrind it doesn't crash but it gives good insight.
>> >> See full output here:
>> >> https://pastebin.com/VkUckwi5
>> >
>> > Can you load the debug symbols on your machine? With those, and
>> > valgrind we should get the exact line number that is causing problems.
>>
>>
>> Here is the output with enable-debug:
>> https://pastebin.com/MXTZ80Tm
>
> Oh, here is the real problem. ads_do_search_retry_internal()
> is destroying the ADS_STRUCT *ads struct on reconnection
> error when it didn't open it.
>
> Here is an attached (untested) patch you could try. I'll
> have to go through all the code paths to ensure that this
> doesn't cause leaks in other areas though.


Yes, this patch works OK, solves the crash and invalid memory access
(I had it initially, but wasn't sure).

Thanks!
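
The ownership bug diagnosed in this thread (a retry helper destroying a handle it did not open when reconnection fails), modeled as an added example that is not part of the thread or of Samba's code. `struct conn`, `search_retry` and every other name here are hypothetical stand-ins, and the always-failing search is constructed for the demonstration.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Hypothetical stand-in for a directory connection handle (not ADS_STRUCT). */
struct conn {
    bool connected;
    int reconnects_left;      /* constructed knob: reconnects that will succeed */
};

static int destroy_calls;     /* makes a missing or double destroy observable */

struct conn *conn_new(int reconnects_left) {
    struct conn *c = calloc(1, sizeof(*c));
    if (c) { c->connected = true; c->reconnects_left = reconnects_left; }
    return c;
}

/* Only the owner (whoever called conn_new) may call this. */
void conn_destroy(struct conn **pc) {
    if (pc == NULL || *pc == NULL) return;
    free(*pc);
    *pc = NULL;
    destroy_calls++;
}

static bool conn_reconnect(struct conn *c) {
    if (c->reconnects_left <= 0) return false;
    c->reconnects_left--;
    return c->connected = true;
}

/* Constructed failure: the link drops on every search attempt. */
static int raw_search(struct conn *c) { c->connected = false; return -1; }

/* Borrowing retry helper. On reconnect failure it only reports the error.
 * Calling conn_destroy(&c) here would free memory the caller still points
 * at while clearing just this function's local copy of the pointer. */
int search_retry(struct conn *c, int max_tries) {
    for (int i = 0; i < max_tries; i++) {
        if (raw_search(c) == 0) return 0;
        if (!conn_reconnect(c)) return -2;   /* handle stays allocated */
    }
    return -1;                               /* retries exhausted */
}

/* Owner-side flow: open, search, then destroy exactly once on every path. */
int run_search(int reconnects_left) {
    struct conn *c = conn_new(reconnects_left);
    if (c == NULL) return -3;
    int rc = search_retry(c, 3);
    conn_destroy(&c);                        /* safe: c was never freed below */
    return rc;
}
```
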


