net-ads-search crashes when tokengroups attribute is requested

Volker Lendecke Volker.Lendecke at SerNet.DE
Wed Jan 24 08:08:28 UTC 2018


On Tue, Jan 23, 2018 at 04:48:22PM -0800, Jeremy Allison via samba-technical wrote:
> On Tue, Jan 23, 2018 at 08:16:31PM +0200, Isaac Boukris wrote:
> > On Tue, Jan 23, 2018 at 9:51 AM, Isaac Boukris <iboukris at gmail.com> wrote:
> > > On Tue, Jan 23, 2018 at 3:10 AM, Jeremy Allison <jra at samba.org> wrote:
> > >> Oh, here is the real problem. ads_do_search_retry_internal()
> > >> is destroying the ADS_STRUCT *ads struct on reconnection
> > >> error when it didn't open it.
> > >>
> > >> Here is an attached (untested) patch you could try. I'll
> > >> have to go through all the code paths to ensure that this
> > >> doesn't cause leaks in other areas though.
> > >
> > >
> > > Yes, this patch works ok, solves the crash and invalid memory access
> > > (I had it initially, but wasn't sure).
> > 
> > 
> > Here is valgrind memory check before the patch:
> > https://pastebin.com/DbZPjKWv
> > 
> > And after:
> > https://pastebin.com/5G72dmLa
> 
> Yeah the patch is good. There's no case where
> ads_do_search_retry_internal() should destroy
> the passed in ADS_STRUCT *ads struct.
> 
> I'll log a bug and get this fixed.

Sorry, but this requires a much more thorough rewrite of libads and in
particular winbind. Are we sure that this does not create memleaks in
long-running winbind when connections are torn down by the server?

Volker

-- 
Visit verinice.XP 2018 in Berlin,
the user conference for information security,
from 21 to 23 March 2018 at the Sofitel Kurfürstendamm.
Information & registration here: http://veriniceXP.org

SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
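
The ownership problem discussed in this thread, as an added C model that is neither Samba code nor the patch under discussion: a retry helper that destroys a connection struct it did not open, beside one that only drops the connection and leaves the struct to its owner. All names (`struct conn`, `search_retry_buggy`, `search_retry_fixed`, `owner_run`) are hypothetical, and the destroy is counted rather than performed so the double destroy can be observed without undefined behaviour.

```c
/* Simplified model of the ownership bug; hypothetical names, not Samba code. */
#include <stdbool.h>
#include <stdio.h>

struct conn {
    bool connected;     /* stands in for the live server connection */
    int destroy_calls;  /* counted instead of free(), so the model stays defined */
};
static int open_connections;  /* connections opened and not yet closed */

static void conn_disconnect(struct conn *c) {
    if (c->connected) { c->connected = false; open_connections--; }
}

/* In real code this would also free the struct itself. */
static void conn_destroy(struct conn *c) {
    conn_disconnect(c);
    c->destroy_calls++;
}

/* Constructed failure: the server has gone away, so reconnecting fails. */
static bool conn_reconnect(struct conn *c) { (void)c; return false; }

/* Buggy: on reconnect failure the callee destroys a struct it did not open. */
static bool search_retry_buggy(struct conn *c) {
    conn_disconnect(c);
    if (!conn_reconnect(c)) { conn_destroy(c); return false; }
    return true;
}

/* Fixed: the callee only drops the connection; the struct stays with its owner. */
static bool search_retry_fixed(struct conn *c) {
    conn_disconnect(c);
    return conn_reconnect(c);
}

/* The owner opens, searches, then runs its normal cleanup. Returns the number of
 * destroy calls: 1 is correct, 2 would be a use-after-free and double free. */
static int owner_run(bool (*retry)(struct conn *)) {
    struct conn c = { .connected = true, .destroy_calls = 0 };
    open_connections++;
    (void)retry(&c);
    conn_destroy(&c);
    return c.destroy_calls;
}

int main(void) {
    printf("buggy: %d destroy call(s)\n", owner_run(search_retry_buggy));
    printf("fixed: %d destroy call(s)\n", owner_run(search_retry_fixed));
    return 0;
}
```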


