The Samba-Bugzilla – Attachment 15150 Details for Bug 13936: ERROR: AddressSanitizer: stack-use-after-scope dcerpc_binding_handle_call_send
Proposed patch for V4.10
bug-13936-v4-10.patch.txt (text/plain), 3.01 KB, created by Gary Lockyer on 2019-05-15 02:06:00 UTC
>From e8b88b85ff09e57c0a56253f55a713e8ded58fd8 Mon Sep 17 00:00:00 2001 >From: Gary Lockyer <gary@catalyst.net.nz> >Date: Fri, 10 May 2019 08:47:46 +1200 >Subject: [PATCH] s3 rpc_client: Fix Asan stack use after scope > >Fixes Asan error: > >==1924==ERROR: AddressSanitizer: stack-use-after-scope on address > 0x7ffe63f873d0 at pc 0x7fb99dae1733 bp 0x7ffe63f86a00 sp 0x7ffe63f861a8 >READ of size 24 at 0x7ffe63f873d0 thread T0 > #0 0x7fb99dae1732 (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x79732) > #1 0x7fb99cfe5549 in memcpy > /usr/include/x86_64-linux-gnu/bits/string_fortified.h:34 > #2 0x7fb99cfe5549 in ndr_push_bytes > ../../librpc/ndr/ndr_basic.c:729 > #3 0x7fb99cfe5646 in ndr_push_array_uint8 > ../../librpc/ndr/ndr_basic.c:754 > #4 0x7fb99a69dd1b in ndr_push_netr_ChallengeResponse > librpc/gen_ndr/ndr_netlogon.c:462 > #5 0x7fb99a6c5fab in ndr_push_netr_NetworkInfo > librpc/gen_ndr/ndr_netlogon.c:556 > #6 0x7fb99a6c749d in ndr_push_netr_LogonLevel > librpc/gen_ndr/ndr_netlogon.c:783 > #7 0x7fb99a7222de in ndr_push_netr_LogonSamLogonEx > librpc/gen_ndr/ndr_netlogon.c:16547 > #8 0x7fb99c982c97 in dcerpc_binding_handle_call_send > ../../librpc/rpc/binding_handle.c:416 > >Bug: https://bugzilla.samba.org/show_bug.cgi?id=13936 > >Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> > >Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> >Autobuild-Date(master): Fri May 10 10:02:21 UTC 2019 on sn-devel-184 > >(cherry picked from commit a5d1df4a8f9c535ff2f7ef11d7dfea4d79d65e7e) >--- > source3/rpc_client/cli_netlogon.c | 13 +++++++------ > 1 file changed, 7 insertions(+), 6 deletions(-) > >diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c >index 2aa0f5e7b1c..f073f0d925e 100644 >--- a/source3/rpc_client/cli_netlogon.c >+++ b/source3/rpc_client/cli_netlogon.c 
>@@ -471,6 +471,13 @@ NTSTATUS rpccli_netlogon_password_logon( > union netr_Validation *validation = NULL; > char *workstation_slash = NULL; > >+ unsigned char local_nt_response[24]; >+ unsigned char local_lm_response[24]; >+ struct samr_Password lmpassword = {.hash = {0}}; >+ struct samr_Password ntpassword = {.hash = {0}}; >+ struct netr_ChallengeResponse lm = {0}; >+ struct netr_ChallengeResponse nt = {0}; >+ > logon = talloc_zero(frame, union netr_LogonLevel); > if (logon == NULL) { > TALLOC_FREE(frame); >@@ -495,8 +502,6 @@ NTSTATUS rpccli_netlogon_password_logon( > > struct netr_PasswordInfo *password_info; > >- struct samr_Password lmpassword; >- struct samr_Password ntpassword; > > password_info = talloc_zero(frame, struct netr_PasswordInfo); > if (password_info == NULL) { >@@ -524,10 +529,6 @@ NTSTATUS rpccli_netlogon_password_logon( > case NetlogonNetworkTransitiveInformation: { > struct netr_NetworkInfo *network_info; > uint8_t chal[8]; >- unsigned char local_lm_response[24]; >- unsigned char local_nt_response[24]; >- struct netr_ChallengeResponse lm; >- struct netr_ChallengeResponse nt; > > ZERO_STRUCT(lm); > ZERO_STRUCT(nt); >-- >2.17.1 >
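Review bot: In the first hunk (@@ -471,6 +471,13 @@), local_nt_response and local_lm_response are hoisted to function scope without an initializer, while the four structs declared beside them get "= {0}" or "{.hash = {0}}". Give the two 24-byte arrays "= {0}" as well, so every buffer the request can end up pointing at has a defined value on all paths. The ASan trace in the commit message shows the 24-byte read happening later, inside ndr_push_netr_ChallengeResponse under dcerpc_binding_handle_call_send, so a one-line comment above this block saying the variables must outlive the switch because the request is marshalled after it would keep a later cleanup from moving them back into the case blocks.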
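Review bot: In the second hunk (@@ -495,8 +502,6 @@), removing the lmpassword and ntpassword declarations leaves two consecutive blank lines between "struct netr_PasswordInfo *password_info;" and the "password_info = talloc_zero(...)" assignment. Drop one of the blank lines together with the declarations so the block keeps a single separator.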
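Review bot: In the third hunk (@@ -524,10 +529,6 @@), the retained "ZERO_STRUCT(lm); ZERO_STRUCT(nt);" calls are now redundant, because lm and nt are already initialized with "= {0}" at their new function-scope declarations in the first hunk. Keep one form or the other. Separately, "uint8_t chal[8];" is still declared inside the case block; please confirm its bytes are copied into the request rather than referenced by pointer, since a pointer to it would have the same lifetime problem this patch fixes for the response buffers.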
Flags: abartlet: review+, gary: ci-passed+