The Samba-Bugzilla – Attachment 15143 Details for Bug 13941: ASAN detected use after free ldb_should_b64_encode
ASAN error report
asan_013.txt (text/plain), 16.30 KB, created by Gary Lockyer on 2019-05-13 01:40:24 UTC
>Reproduce with:
>  * configure with --address-sanitizer enabled
>  * make TESTS="ldap.python" test
>
>=================================================================
>==5132==ERROR: AddressSanitizer: heap-use-after-free on address 0x61400026a4a0 at pc 0x7fd555c52f12 bp 0x7ffed7231180 sp 0x7ffed7231170
>READ of size 1 at 0x61400026a4a0 thread T0
>    #0 0x7fd555c52f11 in ldb_should_b64_encode ../../lib/ldb/common/ldb_ldif.c:197
>    #1 0x7fd539dc9417 in dsdb_audit_add_ldb_value ../../source4/dsdb/samdb/ldb_modules/audit_util.c:491
>    #2 0x7fd539dc9417 in dsdb_audit_attributes_json ../../source4/dsdb/samdb/ldb_modules/audit_util.c:651
>    #3 0x7fd539dc6a7e in operation_json ../../source4/dsdb/samdb/ldb_modules/audit_log.c:305
>    #4 0x7fd539dc6a7e in log_standard_operation ../../source4/dsdb/samdb/ldb_modules/audit_log.c:1182
>    #5 0x7fd539dc6a7e in log_operation ../../source4/dsdb/samdb/ldb_modules/audit_log.c:1302
>    #6 0x7fd539dc6a7e in audit_callback ../../source4/dsdb/samdb/ldb_modules/audit_log.c:1486
>    #7 0x7fd555c502c4 in ldb_module_done ../../lib/ldb/common/ldb_modules.c:868
>    #8 0x7fd544d739f1 in dsdb_next_callback ../../source4/dsdb/samdb/ldb_modules/util.c:888
>    #9 0x7fd555c502c4 in ldb_module_done ../../lib/ldb/common/ldb_modules.c:868
>    #10 0x7fd53a5ede76 in acl_callback ../../source4/dsdb/samdb/ldb_modules/acl.c:1263
>    #11 0x7fd555c502c4 in ldb_module_done ../../lib/ldb/common/ldb_modules.c:868
>    #12 0x7fd53664f650 in oc_op_callback ../../source4/dsdb/samdb/ldb_modules/objectclass_attrs.c:589
>    #13 0x7fd555c502c4 in ldb_module_done ../../lib/ldb/common/ldb_modules.c:868
>    #14 0x7fd555c5156a in ldb_next_request ../../lib/ldb/common/ldb_modules.c:604
>    #15 0x7fd534f37d13 in rdn_name_modify ../../lib/ldb/modules/rdn_name.c:568
>    #16 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
>    #17 0x7fd536651305 in attr_handler ../../source4/dsdb/samdb/ldb_modules/objectclass_attrs.c:317
>    #18 0x7fd536652802 in objectclass_attrs_modify ../../source4/dsdb/samdb/ldb_modules/objectclass_attrs.c:714
>    #19 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
>    #20 0x7fd538526637 in instancetype_mod ../../source4/dsdb/samdb/ldb_modules/instancetype.c:160
>    #21 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
>    #22 0x7fd5359e11ea in password_hash_needed ../../source4/dsdb/samdb/ldb_modules/password_hash.c:4343
>    #23 0x7fd5359e20ea in password_hash_modify ../../source4/dsdb/samdb/ldb_modules/password_hash.c:4483
>    #24 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
>    #25 0x7fd533c6d7f4 in samldb_modify ../../source4/dsdb/samdb/ldb_modules/samldb.c:3883
>    #26 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
>    #27 0x7fd53a5f0d0d in acl_modify ../../source4/dsdb/samdb/ldb_modules/acl.c:1524
>    #28 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
>    #29 0x7fd5399ab868 in descriptor_modify ../../source4/dsdb/samdb/ldb_modules/descriptor.c:746
>    #30 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
>    #31 0x7fd53220952b in tombstone_reanimate_modify ../../source4/dsdb/samdb/ldb_modules/tombstone_reanimate.c:357
>    #32 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
>    #33 0x7fd53685e6a8 in objectclass_modify ../../source4/dsdb/samdb/ldb_modules/objectclass.c:740
>    #34 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
>    #35 0x7fd539dc7cb8 in log_modify ../../source4/dsdb/samdb/ldb_modules/audit_log.c:1685
>    #36 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
>    #37 0x7fd538f5d8c8 in extended_dn_in_fix ../../source4/dsdb/samdb/ldb_modules/extended_dn_in.c:604
>    #38 0x7fd538f5ddf4 in extended_dn_in_modify ../../source4/dsdb/samdb/ldb_modules/extended_dn_in.c:729
>    #39 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
>    #40 0x7fd538b47dda in extended_replace_callback ../../source4/dsdb/samdb/ldb_modules/extended_dn_store.c:450
>    #41 0x7fd555c502c4 in ldb_module_done ../../lib/ldb/common/ldb_modules.c:868
>    #42 0x7fd53a5f3346 in acl_search_callback ../../source4/dsdb/samdb/ldb_modules/acl.c:2111
>    #43 0x7fd555c502c4 in ldb_module_done ../../lib/ldb/common/ldb_modules.c:868
>    #44 0x7fd53916a379 in es_callback ../../source4/dsdb/samdb/ldb_modules/encrypted_secrets.c:1426
>    #45 0x7fd555c502c4 in ldb_module_done ../../lib/ldb/common/ldb_modules.c:868
>    #46 0x7fd5362384a8 in operational_callback ../../source4/dsdb/samdb/ldb_modules/operational.c:1571
>    #47 0x7fd555c502c4 in ldb_module_done ../../lib/ldb/common/ldb_modules.c:868
>    #48 0x7fd538d513e1 in extended_callback ../../source4/dsdb/samdb/ldb_modules/extended_dn_out.c:424
>    #49 0x7fd538d52f34 in extended_callback_ldb ../../source4/dsdb/samdb/ldb_modules/extended_dn_out.c:662
>    #50 0x7fd555c502c4 in ldb_module_done ../../lib/ldb/common/ldb_modules.c:868
>    #51 0x7fd544d739f1 in dsdb_next_callback ../../source4/dsdb/samdb/ldb_modules/util.c:888
>    #52 0x7fd555c502c4 in ldb_module_done ../../lib/ldb/common/ldb_modules.c:868
>    #53 0x7fd535c0eec2 in partition_req_callback ../../source4/dsdb/samdb/ldb_modules/partition.c:213
>    #54 0x7fd5378e24be in ldb_kv_request_done ../../lib/ldb/ldb_key_value/ldb_kv.c:1634
>    #55 0x7fd5378e6c7b in ldb_kv_callback ../../lib/ldb/ldb_key_value/ldb_kv.c:1744
>    #56 0x7fd5560fd3ff in tevent_common_invoke_timer_handler ../../lib/tevent/tevent_timed.c:370
>    #57 0x7fd5560fda8f in tevent_common_loop_timer_delay ../../lib/tevent/tevent_timed.c:442
>    #58 0x7fd556102487 in epoll_event_loop_once ../../lib/tevent/tevent_epoll.c:922
>    #59 0x7fd5560fb612 in std_event_loop_once ../../lib/tevent/tevent_standard.c:110
>    #60 0x7fd5560ece16 in _tevent_loop_once ../../lib/tevent/tevent.c:772
>    #61 0x7fd555c47e48 in ldb_wait ../../lib/ldb/common/ldb.c:639
>    #62 0x7fd54302699b in ldapsrv_mod_with_controls ../../source4/ldap_server/ldap_backend.c:388
>    #63 0x7fd54302699b in ldapsrv_ModifyRequest ../../source4/ldap_server/ldap_backend.c:857
>    #64 0x7fd54302699b in ldapsrv_do_call ../../source4/ldap_server/ldap_backend.c:1312
>    #65 0x7fd54301c635 in ldapsrv_process_call_trigger ../../source4/ldap_server/ldap_server.c:955
>    #66 0x7fd5560f029d in tevent_queue_immediate_trigger ../../lib/tevent/tevent_queue.c:149
>    #67 0x7fd5560ef857 in tevent_common_invoke_immediate_handler ../../lib/tevent/tevent_immediate.c:166
>    #68 0x7fd5560ef894 in tevent_common_loop_immediate ../../lib/tevent/tevent_immediate.c:203
>    #69 0x7fd55610245e in epoll_event_loop_once ../../lib/tevent/tevent_epoll.c:918
>    #70 0x7fd5560fb612 in std_event_loop_once ../../lib/tevent/tevent_standard.c:110
>    #71 0x7fd5560ece16 in _tevent_loop_once ../../lib/tevent/tevent.c:772
>    #72 0x7fd5560ed4da in tevent_common_loop_wait ../../lib/tevent/tevent.c:895
>    #73 0x7fd5560fb527 in std_event_loop_wait ../../lib/tevent/tevent_standard.c:141
>    #74 0x7fd5560ed58b in _tevent_loop_wait ../../lib/tevent/tevent.c:914
>    #75 0x7fd5453dd078 in standard_accept_connection ../../source4/smbd/process_standard.c:411
>    #76 0x7fd555a1ce26 in stream_accept_handler ../../source4/smbd/service_stream.c:267
>    #77 0x7fd5560ee7d3 in tevent_common_invoke_fd_handler ../../lib/tevent/tevent_fd.c:138
>    #78 0x7fd556102c65 in epoll_event_loop ../../lib/tevent/tevent_epoll.c:736
>    #79 0x7fd556102c65 in epoll_event_loop_once ../../lib/tevent/tevent_epoll.c:937
>    #80 0x7fd5560fb612 in std_event_loop_once ../../lib/tevent/tevent_standard.c:110
>    #81 0x7fd5560ece16 in _tevent_loop_once ../../lib/tevent/tevent.c:772
>    #82 0x7fd5560ed4da in tevent_common_loop_wait ../../lib/tevent/tevent.c:895
>    #83 0x7fd5560fb527 in std_event_loop_wait ../../lib/tevent/tevent_standard.c:141
>    #84 0x7fd5560ed58b in _tevent_loop_wait ../../lib/tevent/tevent.c:914
>    #85 0x7fd5453dc170 in standard_new_task ../../source4/smbd/process_standard.c:534
>    #86 0x7fd555a1fc55 in task_server_startup ../../source4/smbd/service_task.c:127
>    #87 0x7fd555a1cc08 in server_service_init ../../source4/smbd/service.c:67
>    #88 0x7fd555a1cc08 in server_service_startup ../../source4/smbd/service.c:104
>    #89 0x55e6245f9ef5 in binary_smbd_main ../../source4/smbd/server.c:848
>    #90 0x55e6245faf7e in main ../../source4/smbd/server.c:879
>    #91 0x7fd55312bb96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
>    #92 0x55e6245f72e9 in _start (/home/gary/projects/samba04/bin/default/source4/smbd/samba+0x82e9)
>
>0x61400026a4a0 is located 96 bytes inside of 438-byte region [0x61400026a440,0x61400026a5f6)
>freed by thread T0 here:
>    #0 0x7fd5570587b8 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7b8)
>    #1 0x7fd555ecae6d in _tc_free_internal ../../lib/talloc/talloc.c:1221
>    #2 0x7fd555eca4ca in _tc_free_children_internal ../../lib/talloc/talloc.c:1666
>    #3 0x7fd555eca4ca in _tc_free_internal ../../lib/talloc/talloc.c:1183
>    #4 0x7fd555eca4ca in _tc_free_children_internal ../../lib/talloc/talloc.c:1666
>    #5 0x7fd555eca4ca in _tc_free_internal ../../lib/talloc/talloc.c:1183
>    #6 0x7fd555eca4ca in _tc_free_children_internal ../../lib/talloc/talloc.c:1666
>    #7 0x7fd555eca4ca in _tc_free_internal ../../lib/talloc/talloc.c:1183
>    #8 0x7fd555eb8baf in _tc_free_children_internal ../../lib/talloc/talloc.c:1666
>    #9 0x7fd555eb8baf in _tc_free_internal ../../lib/talloc/talloc.c:1183
>    #10 0x7fd555eb8baf in _talloc_free_internal ../../lib/talloc/talloc.c:1247
>    #11 0x7fd555eb8baf in _talloc_free ../../lib/talloc/talloc.c:1789
>    #12 0x7fd534d13fc5 in replmd_modify ../../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:3667
>    #13 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
>    #14 0x7fd534f37d13 in rdn_name_modify ../../lib/ldb/modules/rdn_name.c:568
>    #15 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
>    #16 0x7fd536651305 in attr_handler ../../source4/dsdb/samdb/ldb_modules/objectclass_attrs.c:317
>    #17 0x7fd536652802 in objectclass_attrs_modify ../../source4/dsdb/samdb/ldb_modules/objectclass_attrs.c:714
>    #18 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
>    #19 0x7fd538526637 in instancetype_mod ../../source4/dsdb/samdb/ldb_modules/instancetype.c:160
>    #20 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
>    #21 0x7fd5359e11ea in password_hash_needed ../../source4/dsdb/samdb/ldb_modules/password_hash.c:4343
>    #22 0x7fd5359e20ea in password_hash_modify ../../source4/dsdb/samdb/ldb_modules/password_hash.c:4483
>    #23 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
>    #24 0x7fd533c6d7f4 in samldb_modify ../../source4/dsdb/samdb/ldb_modules/samldb.c:3883
>    #25 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
>    #26 0x7fd53a5f0d0d in acl_modify ../../source4/dsdb/samdb/ldb_modules/acl.c:1524
>    #27 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
>    #28 0x7fd5399ab868 in descriptor_modify ../../source4/dsdb/samdb/ldb_modules/descriptor.c:746
>    #29 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
>    #30 0x7fd53220952b in tombstone_reanimate_modify ../../source4/dsdb/samdb/ldb_modules/tombstone_reanimate.c:357
>    #31 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
>    #32 0x7fd53685e6a8 in objectclass_modify ../../source4/dsdb/samdb/ldb_modules/objectclass.c:740
>    #33 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
>    #34 0x7fd539dc7cb8 in log_modify ../../source4/dsdb/samdb/ldb_modules/audit_log.c:1685
>    #35 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
>
>previously allocated by thread T0 here:
>    #0 0x7fd557058b50 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb50)
>    #1 0x7fd555ec0fbb in __talloc_with_prefix ../../lib/talloc/talloc.c:782
>    #2 0x7fd555ec0fbb in __talloc ../../lib/talloc/talloc.c:824
>    #3 0x7fd555ec0fbb in __talloc_strlendup ../../lib/talloc/talloc.c:2455
>    #4 0x7fd555ec0fbb in talloc_strdup ../../lib/talloc/talloc.c:2471
>    #5 0x7fd554be05b5 in dsdb_dn_get_with_postfix ../../source4/dsdb/common/dsdb_dn.c:251
>    #6 0x7fd554be1526 in dsdb_dn_get_extended_linearized ../../source4/dsdb/common/dsdb_dn.c:295
>    #7 0x7fd534cf1c50 in replmd_set_la_val ../../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:2404
>    #8 0x7fd534d1245f in replmd_build_la_val ../../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:2232
>    #9 0x7fd534d1245f in replmd_modify_la_replace ../../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:3208
>    #10 0x7fd534d1245f in replmd_modify_handle_linked_attribs ../../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:3336
>    #11 0x7fd534d1245f in replmd_modify ../../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:3664
>    #12 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
>    #13 0x7fd534f37d13 in rdn_name_modify ../../lib/ldb/modules/rdn_name.c:568
>    #14 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
>    #15 0x7fd536651305 in attr_handler ../../source4/dsdb/samdb/ldb_modules/objectclass_attrs.c:317
>    #16 0x7fd536652802 in objectclass_attrs_modify ../../source4/dsdb/samdb/ldb_modules/objectclass_attrs.c:714
>    #17 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
>    #18 0x7fd538526637 in instancetype_mod ../../source4/dsdb/samdb/ldb_modules/instancetype.c:160
>    #19 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
>    #20 0x7fd5359e11ea in password_hash_needed ../../source4/dsdb/samdb/ldb_modules/password_hash.c:4343
>    #21 0x7fd5359e20ea in password_hash_modify ../../source4/dsdb/samdb/ldb_modules/password_hash.c:4483
>    #22 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
>    #23 0x7fd533c6d7f4 in samldb_modify ../../source4/dsdb/samdb/ldb_modules/samldb.c:3883
>    #24 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
>    #25 0x7fd53a5f0d0d in acl_modify ../../source4/dsdb/samdb/ldb_modules/acl.c:1524
>    #26 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
>    #27 0x7fd5399ab868 in descriptor_modify ../../source4/dsdb/samdb/ldb_modules/descriptor.c:746
>    #28 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
>    #29 0x7fd53220952b in tombstone_reanimate_modify ../../source4/dsdb/samdb/ldb_modules/tombstone_reanimate.c:357
>    #30 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
>    #31 0x7fd53685e6a8 in objectclass_modify ../../source4/dsdb/samdb/ldb_modules/objectclass.c:740
>    #32 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
>    #33 0x7fd539dc7cb8 in log_modify ../../source4/dsdb/samdb/ldb_modules/audit_log.c:1685
>    #34 0x7fd555c50be6 in ldb_next_request ../../lib/ldb/common/ldb_modules.c:541
>    #35 0x7fd538f5d8c8 in extended_dn_in_fix ../../source4/dsdb/samdb/ldb_modules/extended_dn_in.c:604
>
>SUMMARY: AddressSanitizer: heap-use-after-free ../../lib/ldb/common/ldb_ldif.c:197 in ldb_should_b64_encode
>Shadow bytes around the buggy address:
>  0x0c2880045440: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
>  0x0c2880045450: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
>  0x0c2880045460: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
>  0x0c2880045470: fd fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa
>  0x0c2880045480: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
>=>0x0c2880045490: fd fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd
>  0x0c28800454a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
>  0x0c28800454b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa
>  0x0c28800454c0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
>  0x0c28800454d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
>  0x0c28800454e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
>Shadow byte legend (one shadow byte represents 8 application bytes):
>  Addressable: 00
>  Partially addressable: 01 02 03 04 05 06 07
>  Heap left redzone: fa
>  Freed heap region: fd
>  Stack left redzone: f1
>  Stack mid redzone: f2
>  Stack right redzone: f3
>  Stack after return: f5
>  Stack use after scope: f8
>  Global redzone: f9
>  Global init order: f6
>  Poisoned by user: f7
>  Container overflow: fc
>  Array cookie: ac
>  Intra object redzone: bb
>  ASan internal: fe
>  Left alloca redzone: ca
>  Right alloca redzone: cb
>==5132==ABORTING