The Samba-Bugzilla – Attachment 15132 Details for
Bug 13936
ERROR: AddressSanitizer: stack-use-after-scope dcerpc_binding_handle_call_send
ASAN error report
asan_011.txt (text/plain), 4.21 KB, created by
Gary Lockyer
on 2019-05-08 22:27:23 UTC
>==1924==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7ffe63f873d0 at pc 0x7fb99dae1733 bp 0x7ffe63f86a00 sp 0x7ffe63f861a8
>READ of size 24 at 0x7ffe63f873d0 thread T0
>    #0 0x7fb99dae1732 (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x79732)
>    #1 0x7fb99cfe5549 in memcpy /usr/include/x86_64-linux-gnu/bits/string_fortified.h:34
>    #2 0x7fb99cfe5549 in ndr_push_bytes ../../librpc/ndr/ndr_basic.c:729
>    #3 0x7fb99cfe5646 in ndr_push_array_uint8 ../../librpc/ndr/ndr_basic.c:754
>    #4 0x7fb99a69dd1b in ndr_push_netr_ChallengeResponse librpc/gen_ndr/ndr_netlogon.c:462
>    #5 0x7fb99a6c5fab in ndr_push_netr_NetworkInfo librpc/gen_ndr/ndr_netlogon.c:556
>    #6 0x7fb99a6c749d in ndr_push_netr_LogonLevel librpc/gen_ndr/ndr_netlogon.c:783
>    #7 0x7fb99a7222de in ndr_push_netr_LogonSamLogonEx librpc/gen_ndr/ndr_netlogon.c:16547
>    #8 0x7fb99c982c97 in dcerpc_binding_handle_call_send ../../librpc/rpc/binding_handle.c:416
>    #9 0x7fb999ddf6a1 in dcerpc_netr_LogonSamLogonEx_r_send librpc/gen_ndr/ndr_netlogon_c.c:8392
>    #10 0x7fb999de0081 in dcerpc_netr_LogonSamLogonEx_send librpc/gen_ndr/ndr_netlogon_c.c:8504
>    #11 0x7fb99b0c8ae8 in netlogon_creds_cli_LogonSamLogon_start ../../libcli/auth/netlogon_creds_cli.c:2373
>    #12 0x7fb99b0ce5d8 in netlogon_creds_cli_LogonSamLogon_send ../../libcli/auth/netlogon_creds_cli.c:2249
>    #13 0x7fb99b0cebd4 in netlogon_creds_cli_LogonSamLogon ../../libcli/auth/netlogon_creds_cli.c:2660
>    #14 0x7fb99cdc5a8a in rpccli_netlogon_password_logon ../../source3/rpc_client/cli_netlogon.c:573
>    #15 0x562a9011e41b in cmd_netlogon_sam_logon ../../source3/rpcclient/cmd_netlogon.c:533
>    #16 0x562a900eb1de in do_cmd ../../source3/rpcclient/rpcclient.c:990
>    #17 0x562a900eb1de in process_cmd ../../source3/rpcclient/rpcclient.c:1045
>    #18 0x562a900ed086 in main ../../source3/rpcclient/rpcclient.c:1348
>    #19 0x7fb99638fb96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
>    #20 0x562a900e86b9 in _start (/home/gary/projects/samba04/bin/default/source3/rpcclient/rpcclient+0xb26b9)
>
>Address 0x7ffe63f873d0 is located in stack of thread T0 at offset 544 in frame
>    #0 0x7fb99cdc516e in rpccli_netlogon_password_logon ../../source3/rpc_client/cli_netlogon.c:467
>
>  This frame has 9 object(s):
>    [32, 34) 'validation_level'
>    [96, 104) 'validation'
>    [160, 176) 'lm'
>    [224, 240) 'nt'
>    [288, 304) 'lmpassword'
>    [352, 368) 'ntpassword'
>    [416, 424) 'chal'
>    [480, 504) 'local_lm_response'
>    [544, 568) 'local_nt_response' <== Memory access at offset 544 is inside this variable
>HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
>      (longjmp and C++ exceptions *are* supported)
>SUMMARY: AddressSanitizer: stack-use-after-scope (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x79732)
>Shadow bytes around the buggy address:
>  0x10004c7e8e20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>  0x10004c7e8e30: 00 00 00 00 00 00 f1 f1 f1 f1 02 f2 f2 f2 f2 f2
>  0x10004c7e8e40: f2 f2 00 f2 f2 f2 f2 f2 f2 f2 f8 f8 f2 f2 f2 f2
>  0x10004c7e8e50: f2 f2 f8 f8 f2 f2 f2 f2 f2 f2 00 00 f2 f2 f2 f2
>  0x10004c7e8e60: f2 f2 00 00 f2 f2 f2 f2 f2 f2 f8 f2 f2 f2 f2 f2
>=>0x10004c7e8e70: f2 f2 f8 f8 f8 f2 f2 f2 f2 f2[f8]f8 f8 f2 00 00
>  0x10004c7e8e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>  0x10004c7e8e90: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 01 f2 f2 f2
>  0x10004c7e8ea0: f2 f2 f2 f2 02 f2 f2 f2 f2 f2 f2 f2 04 f2 f2 f2
>  0x10004c7e8eb0: f2 f2 f2 f2 04 f2 f2 f2 f2 f2 f2 f2 04 f2 f2 f2
>  0x10004c7e8ec0: f2 f2 f2 f2 00 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2
>Shadow byte legend (one shadow byte represents 8 application bytes):
>  Addressable:           00
>  Partially addressable: 01 02 03 04 05 06 07
>  Heap left redzone:       fa
>  Freed heap region:       fd
>  Stack left redzone:      f1
>  Stack mid redzone:       f2
>  Stack right redzone:     f3
>  Stack after return:      f5
>  Stack use after scope:   f8
>  Global redzone:          f9
>  Global init order:       f6
>  Poisoned by user:        f7
>  Container overflow:      fc
>  Array cookie:            ac
>  Intra object redzone:    bb
>  ASan internal:           fe
>  Left alloca redzone:     ca
>  Right alloca redzone:    cb
>==1924==ABORTING
>
>To reproduce:
>make TESTS="samba3.blackbox.rpcclient_samlogon"