The Samba-Bugzilla – Attachment 15120 Details for
Bug 13927
ASAN detected use after free in nsswitch/pam_winbind.c
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
ASAN error report
asan_003.txt (text/plain), 10.69 KB, created by
Gary Lockyer
on 2019-05-05 23:14:31 UTC
(
hide
)
Description:
ASAN error report
Filename:
MIME Type:
Creator:
Gary Lockyer
Created:
2019-05-05 23:14:31 UTC
Size:
10.69 KB
patch
obsolete
>================================================================= [151/1886] >==20454==ERROR: AddressSanitizer: heap-use-after-free on address 0x607000002400 at pc 0x >7f07cdc76074 bp 0x7ffe81593db0 sp 0x7ffe81593da0 >READ of size 4 at 0x607000002400 thread T0 > #0 0x7f07cdc76073 in wbcFreeMemory ../../nsswitch/libwbclient/wbclient.c:229 > #1 0x7f07cdc768b2 in wbcLogonUserInfoDestructor ../../nsswitch/libwbclient/wbc_pam.$ >:315 > #2 0x7f07cdc7605e in wbcFreeMemory ../../nsswitch/libwbclient/wbclient.c:237 > #3 0x7f07c409835f in winbind_auth_request ../../nsswitch/pam_winbind.c:1939 > #4 0x7f07c409952c in pam_sm_authenticate ../../nsswitch/pam_winbind.c:2735 > #5 0x7f07c42add78 (/tmp/pam.A/lib/libpam.so.0+0x2d78) > #6 0x7f07c42ad5e2 in pam_authenticate (/tmp/pam.A/lib/libpam.so.0+0x25e2) > #7 0x7f07dd18258d in libpam_pam_authenticate ../../third_party/pam_wrapper/pam_wrap$ >er.c:395 > #8 0x7f07dd18258d in pwrap_pam_authenticate ../../third_party/pam_wrapper/pam_wrapp$ >r.c:1184 > #9 0x7f07dd18258d in pam_authenticate ../../third_party/pam_wrapper/pam_wrapper.c:1$ >89 > #10 0x7f07c44bfe7e in run_test_case ../../third_party/pam_wrapper/libpamtest.c:34 > #11 0x7f07c44bfe7e in _pamtest_conv ../../third_party/pam_wrapper/libpamtest.c:93 > #12 0x7f07c44c061d in _pamtest ../../third_party/pam_wrapper/libpamtest.c:331 > #13 0x7f07c44be68f in pypamtest_run_pamtest ../../third_party/pam_wrapper/python/py$ >amtest.c:958 > #14 0x502d6e (/usr/bin/python3.6+0x502d6e) > #15 0x506858 in _PyEval_EvalFrameDefault (/usr/bin/python3.6+0x506858) > #16 0x502208 (/usr/bin/python3.6+0x502208) > #17 0x502f3c (/usr/bin/python3.6+0x502f3c) > #18 0x506858 in _PyEval_EvalFrameDefault (/usr/bin/python3.6+0x506858) > #19 0x504c27 (/usr/bin/python3.6+0x504c27) > #20 0x501b2d in _PyFunction_FastCallDict (/usr/bin/python3.6+0x501b2d) > #21 0x591460 (/usr/bin/python3.6+0x591460) > #22 0x59ebbd in PyObject_Call (/usr/bin/python3.6+0x59ebbd) > #23 0x507c16 in _PyEval_EvalFrameDefault (/usr/bin/python3.6+0x507c16) > #24 0x504c27 (/usr/bin/python3.6+0x504c27) > #25 0x501b2d in _PyFunction_FastCallDict (/usr/bin/python3.6+0x501b2d) > #26 0x591460 (/usr/bin/python3.6+0x591460) > #27 0x59ebbd in PyObject_Call (/usr/bin/python3.6+0x59ebbd) > #28 0x54d4e1 (/usr/bin/python3.6+0x54d4e1) > #29 0x5a730b in _PyObject_FastCallKeywords (/usr/bin/python3.6+0x5a730b) > #30 0x503072 (/usr/bin/python3.6+0x503072) > #31 0x506858 in _PyEval_EvalFrameDefault (/usr/bin/python3.6+0x506858) > #32 0x504c27 (/usr/bin/python3.6+0x504c27) > #33 0x501b2d in _PyFunction_FastCallDict (/usr/bin/python3.6+0x501b2d) > #34 0x591460 (/usr/bin/python3.6+0x591460) > #35 0x59ebbd in PyObject_Call (/usr/bin/python3.6+0x59ebbd) > #36 0x507c16 in _PyEval_EvalFrameDefault (/usr/bin/python3.6+0x507c16) > #37 0x504c27 (/usr/bin/python3.6+0x504c27) > #38 0x501b2d in _PyFunction_FastCallDict (/usr/bin/python3.6+0x501b2d) > #39 0x591460 (/usr/bin/python3.6+0x591460) > #40 0x59ebbd in PyObject_Call (/usr/bin/python3.6+0x59ebbd) > #41 0x54d4e1 (/usr/bin/python3.6+0x54d4e1) > #42 0x5a730b in _PyObject_FastCallKeywords (/usr/bin/python3.6+0x5a730b) > #43 0x503072 (/usr/bin/python3.6+0x503072) > #44 0x506858 in _PyEval_EvalFrameDefault (/usr/bin/python3.6+0x506858) > #45 0x504c27 (/usr/bin/python3.6+0x504c27) > #46 0x501b2d in _PyFunction_FastCallDict (/usr/bin/python3.6+0x501b2d) > #47 0x591460 (/usr/bin/python3.6+0x591460) > #48 0x59ebbd in PyObject_Call (/usr/bin/python3.6+0x59ebbd) > #49 0x507c16 in _PyEval_EvalFrameDefault (/usr/bin/python3.6+0x507c16) > #50 0x504c27 (/usr/bin/python3.6+0x504c27) > #51 0x501b2d in _PyFunction_FastCallDict (/usr/bin/python3.6+0x501b2d) > #52 0x591460 (/usr/bin/python3.6+0x591460) > #53 0x59ebbd in PyObject_Call (/usr/bin/python3.6+0x59ebbd) > #54 0x54d4e1 (/usr/bin/python3.6+0x54d4e1) > #55 0x5a730b in _PyObject_FastCallKeywords (/usr/bin/python3.6+0x5a730b) > #56 0x503072 (/usr/bin/python3.6+0x503072) > #57 0x506858 in _PyEval_EvalFrameDefault (/usr/bin/python3.6+0x506858) > #58 0x504c27 (/usr/bin/python3.6+0x504c27) > #59 0x501b2d in _PyFunction_FastCallDict (/usr/bin/python3.6+0x501b2d) > #60 0x591460 (/usr/bin/python3.6+0x591460) > #61 0x59ebbd in PyObject_Call (/usr/bin/python3.6+0x59ebbd) > #62 0x507c16 in _PyEval_EvalFrameDefault (/usr/bin/python3.6+0x507c16) > #63 0x504c27 (/usr/bin/python3.6+0x504c27) > #64 0x501b2d in _PyFunction_FastCallDict (/usr/bin/python3.6+0x501b2d) > #65 0x591460 (/usr/bin/python3.6+0x591460) > #66 0x59ebbd in PyObject_Call (/usr/bin/python3.6+0x59ebbd) #67 0x54d4e1 (/usr/bin/python3.6+0x54d4e1) [75/1886] > #68 0x5a730b in _PyObject_FastCallKeywords (/usr/bin/python3.6+0x5a730b) > #69 0x503072 (/usr/bin/python3.6+0x503072) > #70 0x506858 in _PyEval_EvalFrameDefault (/usr/bin/python3.6+0x506858) > #71 0x502208 (/usr/bin/python3.6+0x502208) > #72 0x502f3c (/usr/bin/python3.6+0x502f3c) > #73 0x506858 in _PyEval_EvalFrameDefault (/usr/bin/python3.6+0x506858) > #74 0x502208 (/usr/bin/python3.6+0x502208) > #75 0x502f3c (/usr/bin/python3.6+0x502f3c) > #76 0x506858 in _PyEval_EvalFrameDefault (/usr/bin/python3.6+0x506858) > #77 0x504c27 (/usr/bin/python3.6+0x504c27) > #78 0x501b2d in _PyFunction_FastCallDict (/usr/bin/python3.6+0x501b2d) > #79 0x591460 (/usr/bin/python3.6+0x591460) > #80 0x54b812 (/usr/bin/python3.6+0x54b812) > #81 0x555420 (/usr/bin/python3.6+0x555420) > #82 0x5a730b in _PyObject_FastCallKeywords (/usr/bin/python3.6+0x5a730b) > #83 0x503072 (/usr/bin/python3.6+0x503072) > #84 0x507640 in _PyEval_EvalFrameDefault (/usr/bin/python3.6+0x507640) > #85 0x504c27 (/usr/bin/python3.6+0x504c27) > #86 0x511ec9 (/usr/bin/python3.6+0x511ec9) > #87 0x502d6e (/usr/bin/python3.6+0x502d6e) > #88 0x506858 in _PyEval_EvalFrameDefault (/usr/bin/python3.6+0x506858) > #89 0x504c27 (/usr/bin/python3.6+0x504c27) > #90 0x50253f (/usr/bin/python3.6+0x50253f) > #91 0x502f3c (/usr/bin/python3.6+0x502f3c) > #92 0x506858 in _PyEval_EvalFrameDefault (/usr/bin/python3.6+0x506858) > #93 0x504c27 (/usr/bin/python3.6+0x504c27) > #94 0x58659c (/usr/bin/python3.6+0x58659c) > #95 0x59ebbd in PyObject_Call (/usr/bin/python3.6+0x59ebbd) > #96 0x63835a (/usr/bin/python3.6+0x63835a) > #97 0x639027 in Py_Main (/usr/bin/python3.6+0x639027) > #98 0x4a6f0f in main (/usr/bin/python3.6+0x4a6f0f) > #99 0x7f07dcdabb96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96) > #100 0x5afa09 in _start (/usr/bin/python3.6+0x5afa09) > >0x607000002400 is located 0 bytes inside of 80-byte region [0x607000002400,0x60700000245 >0) >freed by thread T0 here: > #0 0x7f07ddcdb7a0 in free (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xed7a0) > #1 0x7f07cdc76067 in wbcFreeMemory ../../nsswitch/libwbclient/wbclient.c:239 > #2 0x7f07c409834b in winbind_auth_request ../../nsswitch/pam_winbind.c:1933 > #3 0x7f07c409952c in pam_sm_authenticate ../../nsswitch/pam_winbind.c:2735 > #4 0x7f07c42add78 (/tmp/pam.A/lib/libpam.so.0+0x2d78) > >previously allocated by thread T0 here: > #0 0x7f07ddcdbd68 in calloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xedd68) > #1 0x7f07cdc75fa1 in wbcAllocateMemory ../../nsswitch/libwbclient/wbclient.c:210 > #2 0x7f07cdc86627 in wbcAddNamedBlob ../../nsswitch/libwbclient/wbc_util.c:858 > #3 0x7f07cdc7bd6f in wbc_create_logon_info ../../nsswitch/libwbclient/wbc_pam.c:343 > #4 0x7f07cdc7bd6f in wbcCtxLogonUser ../../nsswitch/libwbclient/wbc_pam.c:1238 > #5 0x7f07c409793d in winbind_auth_request ../../nsswitch/pam_winbind.c:1844 > #6 0x7f07c409952c in pam_sm_authenticate ../../nsswitch/pam_winbind.c:2735 > #7 0x7f07c42add78 (/tmp/pam.A/lib/libpam.so.0+0x2d78) > >SUMMARY: AddressSanitizer: heap-use-after-free ../../nsswitch/libwbclient/wbclient.c:229 > in wbcFreeMemory >Shadow bytes around the buggy address: > 0x0c0e7fff8430: 00 00 00 00 00 fa fa fa fa fa 00 00 00 00 00 00 > 0x0c0e7fff8440: 00 00 00 00 fa fa fa fa fd fd fd fd fd fd fd fd > 0x0c0e7fff8450: fd fd fa fa fa fa 00 00 00 00 00 00 00 00 00 00 > 0x0c0e7fff8460: fa fa fa fa 00 00 00 00 00 00 00 00 00 03 fa fa > 0x0c0e7fff8470: fa fa 00 00 00 00 00 00 00 00 00 03 fa fa fa fa >=>0x0c0e7fff8480:[fd]fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa > 0x0c0e7fff8490: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa > 0x0c0e7fff84a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa > 0x0c0e7fff84b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa > 0x0c0e7fff84c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa > 0x0c0e7fff84d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa >Shadow byte legend (one shadow byte represents 8 application bytes): > Addressable: 00 > Partially addressable: 01 02 03 04 05 06 07 > Heap left redzone: fa > Freed heap region: fd > Stack left redzone: f1 > Stack mid redzone: f2 > Stack right redzone: f3 > Stack after return: f5 > Stack use after scope: f8 > Global redzone: f9 > Global init order: f6 > Poisoned by user: f7 > Container overflow: fc > Array cookie: ac > Intra object redzone: bb > ASan internal: fe > Left alloca redzone: ca > Right alloca redzone: cb >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=15120">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 13927
: 15120 |
15121
|
15151