[PATCH] winbind: fix crash in fill_domain_username_talloc() if, specified username is NULL

Andreas Schneider asn at samba.org
Mon Jun 24 09:44:06 UTC 2019


On Monday, June 24, 2019 9:50:55 AM CEST Ralf Habacker via samba-technical 
wrote:
> Hi,
> 
> attached is a patch for git master branch, that fixes a crash in winbind
> when calling wbinfo -u.
> 
> Backtrace:
> Program received signal SIGSEGV, Segmentation fault.
> strlower_m (s=s@entry=0x0) at ../source3/lib/util_str.c:474
> 474 while (*s && !(((unsigned char)s[0]) & 0x80)) {
> (gdb) bt
> #0 strlower_m (s=s@entry=0x0) at ../source3/lib/util_str.c:474
> #1 0x00005563f7957ac6 in fill_domain_username_talloc
> (mem_ctx=mem_ctx@entry=0x5563f8a89480, domain=0x5563f8a7b6c0
> "SAGWH", user=<optimized out>, can_assume=can_assume@entry=true)
> at ../source3/winbindd/winbindd_util.c:1209
> #2 0x00005563f798df06 in wb_query_user_list_done (subreq=<optimized out>)
> at ../source3/winbindd/wb_query_user_list.c:110
> #3 0x00007f3d6620c7f6 in dcerpc_binding_handle_call_done
> (subreq=<optimized out>) at
> ../librpc/rpc/binding_handle.c:520
> #4 0x00005563f797f3ed in wbint_bh_raw_call_domain_done
> (subreq=<optimized out>)
> at ../source3/winbindd/winbindd_dual_ndr.c:202
> #5 0x00005563f797cc3c in wb_domain_request_done (subreq=<optimized out>) at
> ../source3/winbindd/winbindd_dual.c:629
> #6 0x00005563f797b14d in wb_child_request_done (subreq=0x5563f8a89880)
> at ../source3/winbindd/winbindd_dual.c:221
> #7 0x00005563f79a40c7 in wb_simple_trans_read_done (subreq=<optimized
> out>) at ../nsswitch/wb_reqtrans.c:432
> #8 0x00005563f79a3a06 in wb_resp_read_done (subreq=<optimized out>) at
> ../nsswitch/wb_reqtrans.c:275
> #9 0x00007f3d5fe10c10 in ?? () from /usr/lib64/libtevent.so.0
> #10 0x00007f3d5fe0f097 in ?? () from /usr/lib64/libtevent.so.0
> #11 0x00007f3d5fe0b4ed in _tevent_loop_once () from
> /usr/lib64/libtevent.so.0
> #12 0x00005563f7950548 in main (argc=<optimized out>, argv=<optimized
> out>) at
> ../source3/winbindd/winbindd.c:1797
> 
> The related samba version is 4.7.11.

Hi Ralf,

could you please use:

if (user == NULL)

instead of

if (!user)

to make clear that it is a pointer.


Thanks,


	Andreas



-- 
Andreas Schneider                      asn at samba.org
Samba Team                             www.samba.org
GPG-ID:     8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D
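
The failure mode in the backtrace (a lowercasing helper dereferencing a NULL user name) and the explicit `user == NULL` comparison requested in the review, as an added example that is not part of the original thread and is not Samba's code. The function names `lower_ascii`, `format_domain_user` and `count_formatted` are hypothetical, and returning NULL for a missing name is an assumption about the desired behaviour.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the frame #0 helper: it dereferences its
 * argument unconditionally, so a NULL argument is a SIGSEGV. */
static void lower_ascii(char *s)
{
	while (*s != '\0') {
		*s = (char)tolower((unsigned char)*s);
		s++;
	}
}

/* Hypothetical model of a "DOMAIN\user" formatter. Returns a malloc'd
 * string, or NULL if an input is missing or allocation fails (assumed). */
char *format_domain_user(const char *domain, const char *user)
{
	size_t dlen, len;
	char *name;

	if (domain == NULL || user == NULL) {	/* explicit pointer comparison */
		return NULL;
	}
	dlen = strlen(domain);
	len = dlen + 1 + strlen(user) + 1;
	name = malloc(len);
	if (name == NULL) {
		return NULL;
	}
	snprintf(name, len, "%s\\%s", domain, user);
	lower_ascii(name + dlen + 1);		/* lowercase only the user part */
	return name;
}

/* Caller side: a NULL result must be handled too, here by skipping the entry. */
size_t count_formatted(const char *domain, const char *const *users, size_t n)
{
	size_t ok = 0;

	for (size_t i = 0; i < n; i++) {
		char *name = format_domain_user(domain, users[i]);
		if (name == NULL) {
			continue;
		}
		ok++;
		free(name);
	}
	return ok;
}
```

The guard only moves the failure from a crash to a NULL return, so every caller that consumes the result needs its own check, as `count_formatted` shows.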
