net-ads-search crashes when tokengroups attribute is requested

Volker Lendecke Volker.Lendecke at SerNet.DE
Thu Jan 25 10:19:28 UTC 2018


On Wed, Jan 24, 2018 at 02:16:53PM -0800, Jeremy Allison wrote:
> OK, how about this fix instead? It keeps the ads_destroy() call
> after the reconnection failure, but uses the horrific ads->is_mine
> flag to ensure the ADS_STRUCT isn't thrown away causing the
> valgrind failures and crashes.
> 
> If any of the callers were indirecting into any of the
> ADS_STRUCT members after an ads_do_search_retry_internal()
> reconnect failure, they were already crashing (their
> ads pointer had already been freed). And if they were
> not, but only calling ads_destroy() on error (which
> is the case for all of the code I've seen), then this
> fix makes it safe for them to do so whilst still doing
> the internal structure memory free that winbindd may
> be depending on.
> 
> I save off the original value of the horrific ads->is_mine
> flag and restore it afterwards, so this should have no
> effect on the winbindd code that actually uses this.
> 
> Isaac, can you test this fix to see if it also fixes
> the valgrind errors?

RB+. Let's wait for the confirmation before pushing though.

Volker

-- 
Visit verinice.XP 2018 in Berlin,
user conference for information security,
21-23 March 2018 at the Sofitel Kurfürstendamm
Information & registration here: http://veriniceXP.org

SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
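
The ownership-flag approach described in the quoted mail, modelled as an added example (this is not the Samba patch or Samba's code). `struct conn`, `conn_destroy` and `search_retry` are hypothetical stand-ins; only the `is_mine` flag name comes from the mail.

```c
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

/* Toy stand-in for a connection handle; hypothetical, not Samba's ADS_STRUCT. */
struct conn {
    bool is_mine;   /* true: conn_destroy() also frees the struct itself */
    char *server;   /* internal allocation owned by the handle */
};

/* Frees internal members; frees the struct only when is_mine is set. */
static void conn_destroy(struct conn **pc)
{
    struct conn *c = *pc;
    if (c == NULL) return;
    bool is_mine = c->is_mine;
    free(c->server);
    memset(c, 0, sizeof(*c));
    if (is_mine) { free(c); *pc = NULL; }
}

/* Hypothetical retry path. On reconnect failure it releases the internals
 * but leaves the struct allocated, because the caller still holds a pointer. */
static int search_retry(struct conn *c, bool reconnect_ok)
{
    if (reconnect_ok) return 0;
    bool orig_is_mine = c->is_mine;
    c->is_mine = false;          /* destroy now frees members only */
    conn_destroy(&c);
    c->is_mine = orig_is_mine;   /* caller's destroy will free the struct */
    return -1;
}

/* Caller that only destroys on error. Returns 1 when the handle survived
 * the failed retry and was then released exactly once. */
static int caller_demo(void)
{
    struct conn *c = calloc(1, sizeof(*c));
    if (c == NULL) return 0;
    c->is_mine = true;
    c->server = malloc(16);
    if (c->server != NULL) strcpy(c->server, "dc1.example");  /* constructed */
    if (search_retry(c, false) == 0) { conn_destroy(&c); return 0; }
    int ok = (c->server == NULL) && c->is_mine;  /* struct still valid here */
    conn_destroy(&c);                            /* single free of the struct */
    return ok && c == NULL;
}

int main(void) { return caller_demo() == 1 ? 0 : 1; }
```

Without the save-and-restore in `search_retry`, the first `conn_destroy` would free the struct and the caller's later `conn_destroy` would operate on freed memory, which is the kind of error valgrind reports.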
