Attachment 15132 Details for Bug 13936 – ASAN error report

ASAN error report

asan_011.txt (text/plain), 4.21 KB, created by Gary Lockyer on 2019-05-08 22:27:23 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Gary Lockyer

Created: 2019-05-08 22:27:23 UTC

Size: 4.21 KB

patch

obsolete

>==1924==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7ffe63f873d0 at pc 0x7fb99dae1733 bp 0x7ffe63f86a00 sp 0x7ffe63f861a8
>READ of size 24 at 0x7ffe63f873d0 thread T0
>    #0 0x7fb99dae1732  (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x79732)
>    #1 0x7fb99cfe5549 in memcpy /usr/include/x86_64-linux-gnu/bits/string_fortified.h:34
>    #2 0x7fb99cfe5549 in ndr_push_bytes ../../librpc/ndr/ndr_basic.c:729
>    #3 0x7fb99cfe5646 in ndr_push_array_uint8 ../../librpc/ndr/ndr_basic.c:754
>    #4 0x7fb99a69dd1b in ndr_push_netr_ChallengeResponse librpc/gen_ndr/ndr_netlogon.c:462
>    #5 0x7fb99a6c5fab in ndr_push_netr_NetworkInfo librpc/gen_ndr/ndr_netlogon.c:556
>    #6 0x7fb99a6c749d in ndr_push_netr_LogonLevel librpc/gen_ndr/ndr_netlogon.c:783
>    #7 0x7fb99a7222de in ndr_push_netr_LogonSamLogonEx librpc/gen_ndr/ndr_netlogon.c:16547
>    #8 0x7fb99c982c97 in dcerpc_binding_handle_call_send ../../librpc/rpc/binding_handle.c:416
>    #9 0x7fb999ddf6a1 in dcerpc_netr_LogonSamLogonEx_r_send librpc/gen_ndr/ndr_netlogon_c.c:8392
>    #10 0x7fb999de0081 in dcerpc_netr_LogonSamLogonEx_send librpc/gen_ndr/ndr_netlogon_c.c:8504
>    #11 0x7fb99b0c8ae8 in netlogon_creds_cli_LogonSamLogon_start ../../libcli/auth/netlogon_creds_cli.c:2373
>    #12 0x7fb99b0ce5d8 in netlogon_creds_cli_LogonSamLogon_send ../../libcli/auth/netlogon_creds_cli.c:2249
>    #13 0x7fb99b0cebd4 in netlogon_creds_cli_LogonSamLogon ../../libcli/auth/netlogon_creds_cli.c:2660
>    #14 0x7fb99cdc5a8a in rpccli_netlogon_password_logon ../../source3/rpc_client/cli_netlogon.c:573
>    #15 0x562a9011e41b in cmd_netlogon_sam_logon ../../source3/rpcclient/cmd_netlogon.c:533
>    #16 0x562a900eb1de in do_cmd ../../source3/rpcclient/rpcclient.c:990
>    #17 0x562a900eb1de in process_cmd ../../source3/rpcclient/rpcclient.c:1045
>    #18 0x562a900ed086 in main ../../source3/rpcclient/rpcclient.c:1348
>    #19 0x7fb99638fb96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
>    #20 0x562a900e86b9 in _start (/home/gary/projects/samba04/bin/default/source3/rpcclient/rpcclient+0xb26b9)
>
>Address 0x7ffe63f873d0 is located in stack of thread T0 at offset 544 in frame
>    #0 0x7fb99cdc516e in rpccli_netlogon_password_logon ../../source3/rpc_client/cli_netlogon.c:467
>
>  This frame has 9 object(s):
>    [32, 34) 'validation_level'
>    [96, 104) 'validation'
>    [160, 176) 'lm'
>    [224, 240) 'nt'
>    [288, 304) 'lmpassword'
>    [352, 368) 'ntpassword'
>    [416, 424) 'chal'
>    [480, 504) 'local_lm_response'
>    [544, 568) 'local_nt_response' <== Memory access at offset 544 is inside this variable
>HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
>      (longjmp and C++ exceptions *are* supported)
>SUMMARY: AddressSanitizer: stack-use-after-scope (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x79732) 
>Shadow bytes around the buggy address:
>  0x10004c7e8e20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>  0x10004c7e8e30: 00 00 00 00 00 00 f1 f1 f1 f1 02 f2 f2 f2 f2 f2
>  0x10004c7e8e40: f2 f2 00 f2 f2 f2 f2 f2 f2 f2 f8 f8 f2 f2 f2 f2
>  0x10004c7e8e50: f2 f2 f8 f8 f2 f2 f2 f2 f2 f2 00 00 f2 f2 f2 f2
>  0x10004c7e8e60: f2 f2 00 00 f2 f2 f2 f2 f2 f2 f8 f2 f2 f2 f2 f2
>=>0x10004c7e8e70: f2 f2 f8 f8 f8 f2 f2 f2 f2 f2[f8]f8 f8 f2 00 00
>  0x10004c7e8e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>  0x10004c7e8e90: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 01 f2 f2 f2
>  0x10004c7e8ea0: f2 f2 f2 f2 02 f2 f2 f2 f2 f2 f2 f2 04 f2 f2 f2
>  0x10004c7e8eb0: f2 f2 f2 f2 04 f2 f2 f2 f2 f2 f2 f2 04 f2 f2 f2
>  0x10004c7e8ec0: f2 f2 f2 f2 00 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2
>Shadow byte legend (one shadow byte represents 8 application bytes):
>  Addressable:           00
>  Partially addressable: 01 02 03 04 05 06 07 
>  Heap left redzone:       fa
>  Freed heap region:       fd
>  Stack left redzone:      f1
>  Stack mid redzone:       f2
>  Stack right redzone:     f3
>  Stack after return:      f5
>  Stack use after scope:   f8
>  Global redzone:          f9
>  Global init order:       f6
>  Poisoned by user:        f7
>  Container overflow:      fc
>  Array cookie:            ac
>  Intra object redzone:    bb
>  ASan internal:           fe
>  Left alloca redzone:     ca
>  Right alloca redzone:    cb
>==1924==ABORTING
>
>To reproduce:
>make TESTS="samba3.blackbox.rpcclient_samlogon"

Actions: View

Attachments on bug 13936: 15132 | 15150