Reproduce with:
* configure with --address-sanitizer enabled
* make TESTS="ldap.python" test

=================================================================
==5132==ERROR: AddressSanitizer: heap-use-after-free on address 0x61400026a4a0 at pc 0x7fd555c52f12 bp 0x7ffed7231180 sp 0x7ffed7231170
READ of size 1 at 0x61400026a4a0 thread T0
    #0 0x7fd555c52f11 in ldb_should_b64_encode ../../lib/ldb/common/ldb_ldif.c:197
    #1 0x7fd539dc9417 in dsdb_audit_add_ldb_value ../../source4/dsdb/samdb/ldb_modules/audit_util.c:491
    #2 0x7fd539dc9417 in dsdb_audit_attributes_json ../../source4/dsdb/samdb/ldb_modules/audit_util.c:651
    #3 0x7fd539dc6a7e in operation_json ../../source4/dsdb/samdb/ldb_modules/audit_log.c:305
    #4 0x7fd539dc6a7e in log_standard_operation ../../source4/dsdb/samdb/ldb_modules/audit_log.c:1182
    #5 0x7fd539dc6a7e in log_operation ../../source4/dsdb/samdb/ldb_modules/audit_log.c:1302
    #6 0x7fd539dc6a7e in audit_callback ../../source4/dsdb/samdb/ldb_modules/audit_log.c:1486
    #7 0x7fd555c502c4 in ldb_module_done ../../lib/ldb/common/ldb_modules.c:868
    #8 0x7fd544d739f1 in dsdb_next_callback ../../source4/dsdb/samdb/ldb_modules/util.c:888
    #9 0x7fd555c502c4 in ldb_module_done ../../lib/ldb/common/ldb_modules.c:868
    #10 0x7fd53a5ede76 in acl_callback ../../source4/dsdb/samdb/ldb_modules/acl.c:1263
    #11 0x7fd555c502c4 in ldb_module_done ../../lib/ldb/common/ldb_modules.c:868
    #12 0x7fd53664f650 in oc_op_callback ../../source4/dsdb/samdb/ldb_modules/objectclass_attrs.c:589
    #13 0x7fd555c502c4 in ldb_module_done ../../lib/ldb/common/ldb_modules.c:868
    #14 0x7fd555c5156a in ldb_next_request ../../lib/ldb/common/ldb_modules.c:604
    #15 0x7fd534f37d13 in rdn_name_modify ../../lib/ldb/modules/rdn_name.c:568
    #16 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
    #17 0x7fd536651305 in attr_handler ../../source4/dsdb/samdb/ldb_modules/objectclass_attrs.c:317
    #18 0x7fd536652802 in objectclass_attrs_modify ../../source4/dsdb/samdb/ldb_modules/objectclass_attrs.c:714
    #19 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
    #20 0x7fd538526637 in instancetype_mod ../../source4/dsdb/samdb/ldb_modules/instancetype.c:160
    #21 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
    #22 0x7fd5359e11ea in password_hash_needed ../../source4/dsdb/samdb/ldb_modules/password_hash.c:4343
    #23 0x7fd5359e20ea in password_hash_modify ../../source4/dsdb/samdb/ldb_modules/password_hash.c:4483
    #24 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
    #25 0x7fd533c6d7f4 in samldb_modify ../../source4/dsdb/samdb/ldb_modules/samldb.c:3883
    #26 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
    #27 0x7fd53a5f0d0d in acl_modify ../../source4/dsdb/samdb/ldb_modules/acl.c:1524
    #28 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
    #29 0x7fd5399ab868 in descriptor_modify ../../source4/dsdb/samdb/ldb_modules/descriptor.c:746
    #30 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
    #31 0x7fd53220952b in tombstone_reanimate_modify ../../source4/dsdb/samdb/ldb_modules/tombstone_reanimate.c:357
    #32 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
    #33 0x7fd53685e6a8 in objectclass_modify ../../source4/dsdb/samdb/ldb_modules/objectclass.c:740
    #34 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
    #35 0x7fd539dc7cb8 in log_modify ../../source4/dsdb/samdb/ldb_modules/audit_log.c:1685
    #36 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
    #37 0x7fd538f5d8c8 in extended_dn_in_fix ../../source4/dsdb/samdb/ldb_modules/extended_dn_in.c:604
    #38 0x7fd538f5ddf4 in extended_dn_in_modify ../../source4/dsdb/samdb/ldb_modules/extended_dn_in.c:729
    #39 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
    #40 0x7fd538b47dda in extended_replace_callback ../../source4/dsdb/samdb/ldb_modules/extended_dn_store.c:450
    #41 0x7fd555c502c4 in ldb_module_done ../../lib/ldb/common/ldb_modules.c:868
    #42 0x7fd53a5f3346 in acl_search_callback ../../source4/dsdb/samdb/ldb_modules/acl.c:2111
    #43 0x7fd555c502c4 in ldb_module_done ../../lib/ldb/common/ldb_modules.c:868
    #44 0x7fd53916a379 in es_callback ../../source4/dsdb/samdb/ldb_modules/encrypted_secrets.c:1426
    #45 0x7fd555c502c4 in ldb_module_done ../../lib/ldb/common/ldb_modules.c:868
    #46 0x7fd5362384a8 in operational_callback ../../source4/dsdb/samdb/ldb_modules/operational.c:1571
    #47 0x7fd555c502c4 in ldb_module_done ../../lib/ldb/common/ldb_modules.c:868
    #48 0x7fd538d513e1 in extended_callback ../../source4/dsdb/samdb/ldb_modules/extended_dn_out.c:424
    #49 0x7fd538d52f34 in extended_callback_ldb ../../source4/dsdb/samdb/ldb_modules/extended_dn_out.c:662
    #50 0x7fd555c502c4 in ldb_module_done ../../lib/ldb/common/ldb_modules.c:868
    #51 0x7fd544d739f1 in dsdb_next_callback ../../source4/dsdb/samdb/ldb_modules/util.c:888
    #52 0x7fd555c502c4 in ldb_module_done ../../lib/ldb/common/ldb_modules.c:868
    #53 0x7fd535c0eec2 in partition_req_callback ../../source4/dsdb/samdb/ldb_modules/partition.c:213
    #54 0x7fd5378e24be in ldb_kv_request_done ../../lib/ldb/ldb_key_value/ldb_kv.c:1634
    #55 0x7fd5378e6c7b in ldb_kv_callback ../../lib/ldb/ldb_key_value/ldb_kv.c:1744
    #56 0x7fd5560fd3ff in tevent_common_invoke_timer_handler ../../lib/tevent/tevent_timed.c:370
    #57 0x7fd5560fda8f in tevent_common_loop_timer_delay ../../lib/tevent/tevent_timed.c:442
    #58 0x7fd556102487 in epoll_event_loop_once ../../lib/tevent/tevent_epoll.c:922
    #59 0x7fd5560fb612 in std_event_loop_once ../../lib/tevent/tevent_standard.c:110
    #60 0x7fd5560ece16 in _tevent_loop_once ../../lib/tevent/tevent.c:772
    #61 0x7fd555c47e48 in ldb_wait ../../lib/ldb/common/ldb.c:639
    #62 0x7fd54302699b in ldapsrv_mod_with_controls ../../source4/ldap_server/ldap_backend.c:388
    #63 0x7fd54302699b in ldapsrv_ModifyRequest ../../source4/ldap_server/ldap_backend.c:857
    #64 0x7fd54302699b in ldapsrv_do_call ../../source4/ldap_server/ldap_backend.c:1312
    #65 0x7fd54301c635 in ldapsrv_process_call_trigger ../../source4/ldap_server/ldap_server.c:955
    #66 0x7fd5560f029d in tevent_queue_immediate_trigger ../../lib/tevent/tevent_queue.c:149
    #67 0x7fd5560ef857 in tevent_common_invoke_immediate_handler ../../lib/tevent/tevent_immediate.c:166
    #68 0x7fd5560ef894 in tevent_common_loop_immediate ../../lib/tevent/tevent_immediate.c:203
    #69 0x7fd55610245e in epoll_event_loop_once ../../lib/tevent/tevent_epoll.c:918
    #70 0x7fd5560fb612 in std_event_loop_once ../../lib/tevent/tevent_standard.c:110
    #71 0x7fd5560ece16 in _tevent_loop_once ../../lib/tevent/tevent.c:772
    #72 0x7fd5560ed4da in tevent_common_loop_wait ../../lib/tevent/tevent.c:895
    #73 0x7fd5560fb527 in std_event_loop_wait ../../lib/tevent/tevent_standard.c:141
    #74 0x7fd5560ed58b in _tevent_loop_wait ../../lib/tevent/tevent.c:914
    #75 0x7fd5453dd078 in standard_accept_connection ../../source4/smbd/process_standard.c:411
    #76 0x7fd555a1ce26 in stream_accept_handler ../../source4/smbd/service_stream.c:267
    #77 0x7fd5560ee7d3 in tevent_common_invoke_fd_handler ../../lib/tevent/tevent_fd.c:138
    #78 0x7fd556102c65 in epoll_event_loop ../../lib/tevent/tevent_epoll.c:736
    #79 0x7fd556102c65 in epoll_event_loop_once ../../lib/tevent/tevent_epoll.c:937
    #80 0x7fd5560fb612 in std_event_loop_once ../../lib/tevent/tevent_standard.c:110
    #81 0x7fd5560ece16 in _tevent_loop_once ../../lib/tevent/tevent.c:772
    #82 0x7fd5560ed4da in tevent_common_loop_wait ../../lib/tevent/tevent.c:895
    #83 0x7fd5560fb527 in std_event_loop_wait ../../lib/tevent/tevent_standard.c:141
    #84 0x7fd5560ed58b in _tevent_loop_wait ../../lib/tevent/tevent.c:914
    #85 0x7fd5453dc170 in standard_new_task ../../source4/smbd/process_standard.c:534
    #86 0x7fd555a1fc55 in task_server_startup ../../source4/smbd/service_task.c:127
    #87 0x7fd555a1cc08 in server_service_init ../../source4/smbd/service.c:67
    #88 0x7fd555a1cc08 in server_service_startup ../../source4/smbd/service.c:104
    #89 0x55e6245f9ef5 in binary_smbd_main ../../source4/smbd/server.c:848
    #90 0x55e6245faf7e in main ../../source4/smbd/server.c:879
    #91 0x7fd55312bb96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
    #92 0x55e6245f72e9 in _start (/home/gary/projects/samba04/bin/default/source4/smbd/samba+0x82e9)

0x61400026a4a0 is located 96 bytes inside of 438-byte region [0x61400026a440,0x61400026a5f6)
freed by thread T0 here:
    #0 0x7fd5570587b8 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7b8)
    #1 0x7fd555ecae6d in _tc_free_internal ../../lib/talloc/talloc.c:1221
    #2 0x7fd555eca4ca in _tc_free_children_internal ../../lib/talloc/talloc.c:1666
    #3 0x7fd555eca4ca in _tc_free_internal ../../lib/talloc/talloc.c:1183
    #4 0x7fd555eca4ca in _tc_free_children_internal ../../lib/talloc/talloc.c:1666
    #5 0x7fd555eca4ca in _tc_free_internal ../../lib/talloc/talloc.c:1183
    #6 0x7fd555eca4ca in _tc_free_children_internal ../../lib/talloc/talloc.c:1666
    #7 0x7fd555eca4ca in _tc_free_internal ../../lib/talloc/talloc.c:1183
    #8 0x7fd555eb8baf in _tc_free_children_internal ../../lib/talloc/talloc.c:1666
    #9 0x7fd555eb8baf in _tc_free_internal ../../lib/talloc/talloc.c:1183
    #10 0x7fd555eb8baf in _talloc_free_internal ../../lib/talloc/talloc.c:1247
    #11 0x7fd555eb8baf in _talloc_free ../../lib/talloc/talloc.c:1789
    #12 0x7fd534d13fc5 in replmd_modify ../../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:3667
    #13 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
    #14 0x7fd534f37d13 in rdn_name_modify ../../lib/ldb/modules/rdn_name.c:568
    #15 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
    #16 0x7fd536651305 in attr_handler ../../source4/dsdb/samdb/ldb_modules/objectclass_attrs.c:317
    #17 0x7fd536652802 in objectclass_attrs_modify ../../source4/dsdb/samdb/ldb_modules/objectclass_attrs.c:714
    #18 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
    #19 0x7fd538526637 in instancetype_mod ../../source4/dsdb/samdb/ldb_modules/instancetype.c:160
    #20 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
    #21 0x7fd5359e11ea in password_hash_needed ../../source4/dsdb/samdb/ldb_modules/password_hash.c:4343
    #22 0x7fd5359e20ea in password_hash_modify ../../source4/dsdb/samdb/ldb_modules/password_hash.c:4483
    #23 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
    #24 0x7fd533c6d7f4 in samldb_modify ../../source4/dsdb/samdb/ldb_modules/samldb.c:3883
    #25 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
    #26 0x7fd53a5f0d0d in acl_modify ../../source4/dsdb/samdb/ldb_modules/acl.c:1524
    #27 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
    #28 0x7fd5399ab868 in descriptor_modify ../../source4/dsdb/samdb/ldb_modules/descriptor.c:746
    #29 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
    #30 0x7fd53220952b in tombstone_reanimate_modify ../../source4/dsdb/samdb/ldb_modules/tombstone_reanimate.c:357
    #31 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
    #32 0x7fd53685e6a8 in objectclass_modify ../../source4/dsdb/samdb/ldb_modules/objectclass.c:740
    #33 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
    #34 0x7fd539dc7cb8 in log_modify ../../source4/dsdb/samdb/ldb_modules/audit_log.c:1685
    #35 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541

previously allocated by thread T0 here:
    #0 0x7fd557058b50 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb50)
    #1 0x7fd555ec0fbb in __talloc_with_prefix ../../lib/talloc/talloc.c:782
    #2 0x7fd555ec0fbb in __talloc ../../lib/talloc/talloc.c:824
    #3 0x7fd555ec0fbb in __talloc_strlendup ../../lib/talloc/talloc.c:2455
    #4 0x7fd555ec0fbb in talloc_strdup ../../lib/talloc/talloc.c:2471
    #5 0x7fd554be05b5 in dsdb_dn_get_with_postfix ../../source4/dsdb/common/dsdb_dn.c:251
    #6 0x7fd554be1526 in dsdb_dn_get_extended_linearized ../../source4/dsdb/common/dsdb_dn.c:295
    #7 0x7fd534cf1c50 in replmd_set_la_val ../../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:2404
    #8 0x7fd534d1245f in replmd_build_la_val ../../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:2232
    #9 0x7fd534d1245f in replmd_modify_la_replace ../../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:3208
    #10 0x7fd534d1245f in replmd_modify_handle_linked_attribs ../../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:3336
    #11 0x7fd534d1245f in replmd_modify ../../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:3664
    #12 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
    #13 0x7fd534f37d13 in rdn_name_modify ../../lib/ldb/modules/rdn_name.c:568
    #14 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
    #15 0x7fd536651305 in attr_handler ../../source4/dsdb/samdb/ldb_modules/objectclass_attrs.c:317
    #16 0x7fd536652802 in objectclass_attrs_modify ../../source4/dsdb/samdb/ldb_modules/objectclass_attrs.c:714
    #17 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
    #18 0x7fd538526637 in instancetype_mod ../../source4/dsdb/samdb/ldb_modules/instancetype.c:160
    #19 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
    #20 0x7fd5359e11ea in password_hash_needed ../../source4/dsdb/samdb/ldb_modules/password_hash.c:4343
    #21 0x7fd5359e20ea in password_hash_modify ../../source4/dsdb/samdb/ldb_modules/password_hash.c:4483
    #22 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
    #23 0x7fd533c6d7f4 in samldb_modify ../../source4/dsdb/samdb/ldb_modules/samldb.c:3883
    #24 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
    #25 0x7fd53a5f0d0d in acl_modify ../../source4/dsdb/samdb/ldb_modules/acl.c:1524
    #26 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
    #27 0x7fd5399ab868 in descriptor_modify ../../source4/dsdb/samdb/ldb_modules/descriptor.c:746
    #28 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
    #29 0x7fd53220952b in tombstone_reanimate_modify ../../source4/dsdb/samdb/ldb_modules/tombstone_reanimate.c:357
    #30 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
    #31 0x7fd53685e6a8 in objectclass_modify ../../source4/dsdb/samdb/ldb_modules/objectclass.c:740
    #32 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
    #33 0x7fd539dc7cb8 in log_modify ../../source4/dsdb/samdb/ldb_modules/audit_log.c:1685
    #34 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
    #35 0x7fd538f5d8c8 in extended_dn_in_fix ../../source4/dsdb/samdb/ldb_modules/extended_dn_in.c:604

SUMMARY: AddressSanitizer: heap-use-after-free ../../lib/ldb/common/ldb_ldif.c:197 in ldb_should_b64_encode
Shadow bytes around the buggy address:
  0x0c2880045440: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x0c2880045450: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2880045460: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c2880045470: fd fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa
  0x0c2880045480: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
=>0x0c2880045490: fd fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd
  0x0c28800454a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c28800454b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa
  0x0c28800454c0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x0c28800454d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c28800454e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==5132==ABORTING