==1924==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7ffe63f873d0 at pc 0x7fb99dae1733 bp 0x7ffe63f86a00 sp 0x7ffe63f861a8
READ of size 24 at 0x7ffe63f873d0 thread T0
    #0 0x7fb99dae1732  (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x79732)
    #1 0x7fb99cfe5549 in memcpy /usr/include/x86_64-linux-gnu/bits/string_fortified.h:34
    #2 0x7fb99cfe5549 in ndr_push_bytes ../../librpc/ndr/ndr_basic.c:729
    #3 0x7fb99cfe5646 in ndr_push_array_uint8 ../../librpc/ndr/ndr_basic.c:754
    #4 0x7fb99a69dd1b in ndr_push_netr_ChallengeResponse librpc/gen_ndr/ndr_netlogon.c:462
    #5 0x7fb99a6c5fab in ndr_push_netr_NetworkInfo librpc/gen_ndr/ndr_netlogon.c:556
    #6 0x7fb99a6c749d in ndr_push_netr_LogonLevel librpc/gen_ndr/ndr_netlogon.c:783
    #7 0x7fb99a7222de in ndr_push_netr_LogonSamLogonEx librpc/gen_ndr/ndr_netlogon.c:16547
    #8 0x7fb99c982c97 in dcerpc_binding_handle_call_send ../../librpc/rpc/binding_handle.c:416
    #9 0x7fb999ddf6a1 in dcerpc_netr_LogonSamLogonEx_r_send librpc/gen_ndr/ndr_netlogon_c.c:8392
    #10 0x7fb999de0081 in dcerpc_netr_LogonSamLogonEx_send librpc/gen_ndr/ndr_netlogon_c.c:8504
    #11 0x7fb99b0c8ae8 in netlogon_creds_cli_LogonSamLogon_start ../../libcli/auth/netlogon_creds_cli.c:2373
    #12 0x7fb99b0ce5d8 in netlogon_creds_cli_LogonSamLogon_send ../../libcli/auth/netlogon_creds_cli.c:2249
    #13 0x7fb99b0cebd4 in netlogon_creds_cli_LogonSamLogon ../../libcli/auth/netlogon_creds_cli.c:2660
    #14 0x7fb99cdc5a8a in rpccli_netlogon_password_logon ../../source3/rpc_client/cli_netlogon.c:573
    #15 0x562a9011e41b in cmd_netlogon_sam_logon ../../source3/rpcclient/cmd_netlogon.c:533
    #16 0x562a900eb1de in do_cmd ../../source3/rpcclient/rpcclient.c:990
    #17 0x562a900eb1de in process_cmd ../../source3/rpcclient/rpcclient.c:1045
    #18 0x562a900ed086 in main ../../source3/rpcclient/rpcclient.c:1348
    #19 0x7fb99638fb96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
    #20 0x562a900e86b9 in _start (/home/gary/projects/samba04/bin/default/source3/rpcclient/rpcclient+0xb26b9)

Address 0x7ffe63f873d0 is located in stack of thread T0 at offset 544 in frame
    #0 0x7fb99cdc516e in rpccli_netlogon_password_logon ../../source3/rpc_client/cli_netlogon.c:467

  This frame has 9 object(s):
    [32, 34) 'validation_level'
    [96, 104) 'validation'
    [160, 176) 'lm'
    [224, 240) 'nt'
    [288, 304) 'lmpassword'
    [352, 368) 'ntpassword'
    [416, 424) 'chal'
    [480, 504) 'local_lm_response'
    [544, 568) 'local_nt_response' <== Memory access at offset 544 is inside this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-use-after-scope (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x79732)
Shadow bytes around the buggy address:
  0x10004c7e8e20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10004c7e8e30: 00 00 00 00 00 00 f1 f1 f1 f1 02 f2 f2 f2 f2 f2
  0x10004c7e8e40: f2 f2 00 f2 f2 f2 f2 f2 f2 f2 f8 f8 f2 f2 f2 f2
  0x10004c7e8e50: f2 f2 f8 f8 f2 f2 f2 f2 f2 f2 00 00 f2 f2 f2 f2
  0x10004c7e8e60: f2 f2 00 00 f2 f2 f2 f2 f2 f2 f8 f2 f2 f2 f2 f2
=>0x10004c7e8e70: f2 f2 f8 f8 f8 f2 f2 f2 f2 f2[f8]f8 f8 f2 00 00
  0x10004c7e8e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10004c7e8e90: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 01 f2 f2 f2
  0x10004c7e8ea0: f2 f2 f2 f2 02 f2 f2 f2 f2 f2 f2 f2 04 f2 f2 f2
  0x10004c7e8eb0: f2 f2 f2 f2 04 f2 f2 f2 f2 f2 f2 f2 04 f2 f2 f2
  0x10004c7e8ec0: f2 f2 f2 f2 00 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==1924==ABORTING

To reproduce:

make TESTS="samba3.blackbox.rpcclient_samlogon"