From 0e470727b6eaa9b0b8e77890e8cec84951f45ebf Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 30 Jan 2020 16:41:39 +1300 Subject: [PATCH 1/2] dsdb: Correctly handle memory in objectclass_attrs el->values is caller-provided memory that should be thought of as constant, it should not be assumed to be a talloc context. Otherwise, if the caller gives constant memory or a stack pointer we will get an abort() in talloc when it expects a talloc magic in the memory preceeding the el->values. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14258 Signed-off-by: Andrew Bartlett Reviewed-by: Stefan Metzmacher (cherry picked from commit 3657bbc21182d764ddfcd603025f24ec240fd263) --- .../dsdb/samdb/ldb_modules/objectclass_attrs.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c b/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c index 67c93ca08d8..438d39e2521 100644 --- a/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c +++ b/source4/dsdb/samdb/ldb_modules/objectclass_attrs.c @@ -133,7 +133,16 @@ static int oc_auto_normalise(struct ldb_context *ldb, const struct dsdb_attribut for (i=0; inum_values; i++) { struct ldb_val v; int ret; - ret = attr->ldb_schema_attribute->syntax->canonicalise_fn(ldb, el->values, &el->values[i], &v); + /* + * We use msg->elements (owned by this module due to + * ldb_msg_copy_shallow()) as a memory context and + * then steal from there to the right spot if we don't + * free it. + */ + ret = attr->ldb_schema_attribute->syntax->canonicalise_fn(ldb, + msg->elements, + &el->values[i], + &v); if (ret != LDB_SUCCESS) { return ret; } @@ -156,6 +165,12 @@ static int oc_auto_normalise(struct ldb_context *ldb, const struct dsdb_attribut } el->values[i] = v; + + /* + * By now el->values is a talloc pointer under + * msg->elements and may now be used + */ + talloc_steal(el->values, v.data); } return LDB_SUCCESS; } -- 2.17.1 
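Review bot: The comment added above the `canonicalise_fn` call in the first hunk says where the temporary value is allocated, but not why `el->values` must no longer be the context, which is the safety property this change restores. That reason is only in the commit message: `el->values` may be caller-provided constant or stack memory, and talloc aborts when it does not find its header in front of such a pointer. I would add a line such as `el->values may be caller-owned, non-talloc memory and must never be passed as a talloc context`, so a later cleanup does not collapse the call back to the old form. The `talloc_free` path the comment alludes to ("if we don't free it") lies outside this hunk, so I could not confirm that every early return releases the temporary.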
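Review bot: In the second hunk, `talloc_steal(el->values, v.data)` is only safe if `el->values` has already been replaced by a module-owned talloc array, and the code that does that replacement sits between the two hunks and is not visible here. The comment says "By now" without naming what established the invariant, and a non-talloc parent at this call would bring back the abort this patch fixes. I would tie the comment to that step, for example `/* el->values was re-allocated under msg->elements earlier in this iteration (or a previous one), so it is a valid talloc parent here */`. If the project has a debug-only assertion helper for this, a check on `el->values` before the steal would document the assumption in code; the function body continues outside the hunk.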
From 6c955ef042e32178c12aa8f731b9de0867b2e844 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 30 Jan 2020 16:44:05 +1300 Subject: [PATCH 2/2] selftest: Test behaviour of DNS scavenge with an existing dNSTombstoned value BUG: https://bugzilla.samba.org/show_bug.cgi?id=14258 Signed-off-by: Andrew Bartlett Reviewed-by: Stefan Metzmacher Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Thu Feb 6 16:24:25 UTC 2020 on sn-devel-184 (cherry picked from commit c8e3c78d4f2a6f3e122fe458aa6835772290a700) --- python/samba/tests/dns.py | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/python/samba/tests/dns.py b/python/samba/tests/dns.py index 275d4fcd692..52bd708963b 100644 --- a/python/samba/tests/dns.py +++ b/python/samba/tests/dns.py 
@@ -1504,26 +1504,51 @@ class TestZones(DNSTest): name, txt = 'agingtest', ['test txt'] name2, txt2 = 'agingtest2', ['test txt2'] name3, txt3 = 'agingtest3', ['test txt3'] + name4, txt4 = 'agingtest4', ['test txt4'] + name5, txt5 = 'agingtest5', ['test txt5'] self.dns_update_record(name, txt) self.dns_update_record(name2, txt) self.dns_update_record(name2, txt2) self.dns_update_record(name3, txt) self.dns_update_record(name3, txt2) + + # Create a tomb stoned record. + self.dns_update_record(name4, txt4) + self.dns_tombstone(name4, txt4, self.zone) + records = self.ldap_get_records(name4) + self.assertTrue("dNSTombstoned" in records[0]) + self.assertEqual(records[0]["dNSTombstoned"][0], b"TRUE") + + # Create an un-tombstoned record, with dnsTombstoned: FALSE + self.dns_update_record(name5, txt5) + self.dns_tombstone(name5, txt5, self.zone) + self.dns_update_record(name5, txt5) + records = self.ldap_get_records(name5) + self.assertTrue("dNSTombstoned" in records[0]) + self.assertEqual(records[0]["dNSTombstoned"][0], b"FALSE") + last_add = self.dns_update_record(name3, txt3) def mod_ts(rec): self.assertTrue(rec.dwTimeStamp > 0) if rec.data.str == txt: rec.dwTimeStamp -= interval * 5 + + def mod_ts_all(rec): + rec.dwTimeStamp -= interval * 5 self.ldap_modify_dnsrecs(name, mod_ts) self.ldap_modify_dnsrecs(name2, mod_ts) self.ldap_modify_dnsrecs(name3, mod_ts) + self.ldap_modify_dnsrecs(name5, mod_ts_all) self.assertTrue(callable(getattr(dsdb, '_scavenge_dns_records', None))) dsdb._scavenge_dns_records(self.samdb) recs = self.ldap_get_dns_records(name) self.assertEqual(len(recs), 1) self.assertEqual(recs[0].wType, dnsp.DNS_TYPE_TOMBSTONE) + records = self.ldap_get_records(name) + self.assertTrue("dNSTombstoned" in records[0]) + self.assertEqual(records[0]["dNSTombstoned"][0], b"TRUE") recs = self.ldap_get_dns_records(name2) self.assertEqual(len(recs), 1) 
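Review bot: `mod_ts_all` ages every record unconditionally and drops the `self.assertTrue(rec.dwTimeStamp > 0)` precondition that `mod_ts` right above it keeps. If the re-added `name5` record ever carried a zero timestamp, the subtraction would produce a negative value rather than an aged one, and the failure would surface far from the cause. Adding the same assertion as the first line of `mod_ts_all` would keep the two helpers consistent. As a style point, the repeated `self.assertTrue("dNSTombstoned" in records[0])` here and in the second hunk reads better as `self.assertIn("dNSTombstoned", records[0])`, which prints the record on failure. The enclosing test method starts outside this hunk.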
@@ -1537,6 +1562,20 @@ class TestZones(DNSTest): self.assertEqual(recs[0].wType, dnsp.DNS_TYPE_TXT) self.assertEqual(recs[1].wType, dnsp.DNS_TYPE_TXT) + recs = self.ldap_get_dns_records(name4) + self.assertEqual(len(recs), 1) + self.assertEqual(recs[0].wType, dnsp.DNS_TYPE_TOMBSTONE) + records = self.ldap_get_records(name4) + self.assertTrue("dNSTombstoned" in records[0]) + self.assertEqual(records[0]["dNSTombstoned"][0], b"TRUE") + + recs = self.ldap_get_dns_records(name5) + self.assertEqual(len(recs), 1) + self.assertEqual(recs[0].wType, dnsp.DNS_TYPE_TOMBSTONE) + records = self.ldap_get_records(name5) + self.assertTrue("dNSTombstoned" in records[0]) + self.assertEqual(records[0]["dNSTombstoned"][0], b"TRUE") + for make_it_work in [False, True]: inc = -1 if make_it_work else 1 -- 2.17.1
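Review bot: The post-scavenge assertions for `name4` and `name5` are identical blocks with no comment saying what each case is meant to prove, and nothing in the test body ties them to the bug in the commit message. For `name4` the checks match the state asserted before `_scavenge_dns_records` ran, so what this block shows is that scavenging completed with an existing `dNSTombstoned: TRUE` value present. For `name5` the checks show that an existing `FALSE` value is flipped to `TRUE`. I would add one line above each block, for example `# already tombstoned before the run: scavenging must cope with an existing dNSTombstoned value (bug 14258)` and `# previously un-tombstoned (dNSTombstoned: FALSE) and aged: must be tombstoned again`.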