samba-tool domain join segfaults (4.16)
Michael Tokarev
mjt at tls.msk.ru
Tue May 24 13:07:43 UTC 2022
24.05.2022 15:52, Michael Tokarev via samba-technical пишет:
> Hi!
>
> I'm facing a segfault in samba-tool when doing domain join, in
> source3/utils/py_net.c py_net_join_member(). Here it is (with some
> omissions for brevity):
>
> static PyObject *py_net_join_member(py_net_Object *self, PyObject *args, PyObject *kwargs)
> {
> struct libnet_JoinCtx *r = NULL;
> uint8_t no_dns_updates;
> ...
gdb) p &r
$1 = (struct libnet_JoinCtx **) 0x7fffffffd7b8
(gdb) p &no_dns_updates
$2 = (uint8_t *) 0x7fffffffd7b7 ""
> if (!PyArg_ParseTupleAndKeywords(args, kwargs, "|sssssszpp:Join",
> discard_const_p(char *, kwnames),
> &r->in.dnshostname,
> &r->in.upn,
> &r->in.account_ou,
> &r->in.os_name,
> &r->in.os_version,
> &r->in.os_servicepack,
> &r->in.machine_password,
> &r->in.debug,
> &no_dns_updates)) {
It looks like when PyArg_ParseTupleAndKeywords() is setting no_dns_updates,
it does more than single byte, affecting the value of r too. Note the
addresses of the two - r is right on the next byte after no_dns_updates.
/mjt
More information about the samba-technical
mailing list