net-ads-search crashes when tokengroups attribute is requested
Isaac Boukris
iboukris at gmail.com
Thu Jan 25 13:22:02 UTC 2018
On Thu, Jan 25, 2018 at 12:19 PM, Volker Lendecke
<Volker.Lendecke at sernet.de> wrote:
> On Wed, Jan 24, 2018 at 02:16:53PM -0800, Jeremy Allison wrote:
>> OK, how about this fix instead ? It keeps the ads_destroy() call
>> after the reconnection failure, but uses the horrific ads->is_mine
>> flag to ensure the ADS_STRUCT isn't thrown away causing the
>> valgrind failures and crashes.
>>
>> If any of the callers were indirecting into any of the
>> ADS_STRUCT members after a ads_do_search_retry_internal()
>> reconnect failure, they were already crashing (their
>> ads pointer had already been freed). And if they were
>> not, but only calling ads_destroy() on error (which
>> is the case for all of the code I've seen), then this
>> fix makes it safe for them to do so whilst still doing
>> the internal structure memory free that winbindd may
>> be depending on.
>>
>> I safe off the original value of the horrific ads->is_mine
>> flag and restore it afterwards, so this should have no
>> effect on the winbindd code that actually uses this.
>>
>> Isaac, can you test this fix to see if it also fixes
>> the valgrind errors ?
>
> RB+. Lets wait the confirmation before pushing though.
Yes, it is fine, it solved the valgrind errors (same as removing ads_destroy).
I think the attached patch is a bit cleaner though.
Thanks.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-s3-ldap-Ensure-the-ADS_STRUCT-pointer-doesn-t-get-fr.patch
Type: application/octet-stream
Size: 2011 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20180125/b7baf08f/0001-s3-ldap-Ensure-the-ADS_STRUCT-pointer-doesn-t-get-fr.obj>
More information about the samba-technical
mailing list