samba-tool domain join segfaults (4.16)
Michael Tokarev
mjt at tls.msk.ru
Tue May 24 13:23:52 UTC 2022
[Cc'ing David Mulder]
24.05.2022 16:07, Michael Tokarev via samba-technical wrote:
> 24.05.2022 15:52, Michael Tokarev via samba-technical wrote:
>> Hi!
>>
>> I'm facing a segfault in samba-tool when doing domain join, in
>> source3/utils/py_net.c py_net_join_member(). Here it is (with some
>> omissions for brevity):
>>
>> static PyObject *py_net_join_member(py_net_Object *self, PyObject *args, PyObject *kwargs)
>> {
>>         struct libnet_JoinCtx *r = NULL;
>>         uint8_t no_dns_updates;
>>         ...
>
> (gdb) p &r
> $1 = (struct libnet_JoinCtx **) 0x7fffffffd7b8
> (gdb) p &no_dns_updates
> $2 = (uint8_t *) 0x7fffffffd7b7 ""
>
>>         if (!PyArg_ParseTupleAndKeywords(args, kwargs, "|sssssszpp:Join",
>>                                          discard_const_p(char *, kwnames),
>>                                          &r->in.dnshostname,
>>                                          &r->in.upn,
>>                                          &r->in.account_ou,
>>                                          &r->in.os_name,
>>                                          &r->in.os_version,
>>                                          &r->in.os_servicepack,
>>                                          &r->in.machine_password,
>>                                          &r->in.debug,
>>                                          &no_dns_updates)) {
>
> It looks like when PyArg_ParseTupleAndKeywords() is setting no_dns_updates,
> it does more than a single byte, affecting the value of r too. Note the
> addresses of the two - r is right on the next byte after no_dns_updates.
And according to https://docs.python.org/3/c-api/arg.html , 'p' arg
of PyArg_ParseTupleAndKeywords() expects an argument of type int, not
[unsigned] char.
And indeed, this change:
diff --git a/source3/utils/py_net.c b/source3/utils/py_net.c
index 0d774bcb805..c331bf30db4 100644
--- a/source3/utils/py_net.c
+++ b/source3/utils/py_net.c
@@ -71 +71 @@ static PyObject *py_net_join_member(py_net_Object *self, PyObject *args, PyObjec
- uint8_t no_dns_updates;
+ int no_dns_updates;
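Review bot: &r->in.debug, the destination for the other 'p' unit in the "|sssssszpp:Join" format quoted above, is not covered by the change at line 71 and needs the same check. If in.debug is declared narrower than int, parse that unit into a local int and assign it to r->in.debug after the call. The commit message should also record that 'p' stores an int, so the reason for changing the type of no_dns_updates is not lost.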
fixes the segfault and makes samba-tool domain join work.
But I wonder about the in.debug field - I'm not sure where this
struct is defined.
/mjt
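
The overwrite described in this message, reproduced without Python as an added example (not code from the message or from Samba). It assumes a constructed byte buffer in place of the real stack frame; `store_truth_as_int`, `ptr_survives_parse` and `parse_into_narrow_field` are hypothetical names, the first standing in for the int-sized store that the `p` format unit performs.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PTR_OFF 8   /* constructed frame: pointer slot starts at byte 8 */

/* Hypothetical stand-in for the 'p' converter: it always stores a full int. */
static void store_truth_as_int(void *dst, int truth)
{
    int v = truth ? 1 : 0;
    memcpy(dst, &v, sizeof v);
}

/* Put a flag of flag_width bytes directly below a pointer-sized slot, as in
 * the gdb output, run the converter on the flag, and report whether the
 * pointer slot still holds its original bytes (1 = intact, 0 = clobbered). */
static int ptr_survives_parse(size_t flag_width)
{
    unsigned char frame[PTR_OFF + sizeof(void *)];
    unsigned char before[sizeof(void *)];

    memset(frame, 0, sizeof frame);
    memset(frame + PTR_OFF, 0xAA, sizeof(void *)); /* constructed pointer bytes */
    memcpy(before, frame + PTR_OFF, sizeof before);

    store_truth_as_int(frame + PTR_OFF - flag_width, 1);
    return memcmp(before, frame + PTR_OFF, sizeof before) == 0;
}

/* Pattern for a destination that has to stay one byte wide: let the
 * converter fill a local int, then narrow it explicitly. */
static uint8_t parse_into_narrow_field(int truth)
{
    int tmp = 0;
    store_truth_as_int(&tmp, truth);
    return (uint8_t)(tmp != 0);
}

int main(void)
{
    printf("uint8_t flag: pointer intact = %d\n", ptr_survives_parse(sizeof(uint8_t)));
    printf("int flag:     pointer intact = %d\n", ptr_survives_parse(sizeof(int)));
    printf("narrowed via local int = %u\n", parse_into_narrow_field(1));
    return 0;
}
```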