net-ads-search crashes when tokengroups attribute is requested

Isaac Boukris iboukris at
Thu Jan 25 13:22:02 UTC 2018

On Thu, Jan 25, 2018 at 12:19 PM, Volker Lendecke
<Volker.Lendecke at> wrote:
> On Wed, Jan 24, 2018 at 02:16:53PM -0800, Jeremy Allison wrote:
>> OK, how about this fix instead ? It keeps the ads_destroy() call
>> after the reconnection failure, but uses the horrific ads->is_mine
>> flag to ensure the ADS_STRUCT isn't thrown away causing the
>> valgrind failures and crashes.
>> If any of the callers were indirecting into any of the
>> ADS_STRUCT members after a ads_do_search_retry_internal()
>> reconnect failure, they were already crashing (their
>> ads pointer had already been freed). And if they were
>> not, but only calling ads_destroy() on error (which
>> is the case for all of the code I've seen), then this
>> fix makes it safe for them to do so whilst still doing
>> the internal structure memory free that winbindd may
>> be depending on.
>> I safe off the original value of the horrific ads->is_mine
>> flag and restore it afterwards, so this should have no
>> effect on the winbindd code that actually uses this.
>> Isaac, can you test this fix to see if it also fixes
>> the valgrind errors ?
> RB+. Lets wait the confirmation before pushing though.

Yes, it is fine, it solved the valgrind errors (same as removing ads_destroy).

I think the attached patch is a bit cleaner though.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-s3-ldap-Ensure-the-ADS_STRUCT-pointer-doesn-t-get-fr.patch
Type: application/octet-stream
Size: 2011 bytes
Desc: not available
URL: <>

More information about the samba-technical mailing list