The Samba-Bugzilla – Attachment 17151 Details for
Bug 14970
SIGSEGV in resolve_oids_parse_tree_need when using paged_results with "anr"
0001-Fix-segfault-in-paged_results.patch (text/plain), 1.95 KB, created by
Arvid Requate
on 2022-02-07 17:43:59 UTC
>From 5f40a9615bf3223fc3089a4c436d6c20b19513fe Mon Sep 17 00:00:00 2001 >From: Arvid Requate <requate@univention.de> >Date: Mon, 7 Feb 2022 18:00:03 +0100 >Subject: [PATCH] Fix segfault in paged_results > >reproducable by varations of: > >ldbsearch -H /var/lib/samba/private/sam.ldb \ > --controls=paged_results:1:1 \ > '(!(anr==SomeSurname))' foo > >and other nested searches like '(|(foo=bar)(anr==SomeSurname))'. > >When the paged_results control is given, then paged_results code >stores the req->op.search.tree in the private_data->store as >paged_context. The old code attached the paged_context to the talloc >pointer `req`, which seems to get freed after each request. >When the paged_results module is called for subsequent result pages, >it walks the private_data->store, to identify the current paged_context >via cookie and then passes current->expr down to a new search. >current->expr is a ldb_parse_tree, which, in case of `anr` has been >constructed in the anr.c module. If that memory has been freed in >between requests, then tree->u.list.num_elements is still 2 (as set >by make_parse_list in anr.c), but tree->u.list.element[i] points >to an undefined location. This causes a segfault during the next >run of the resolve_oids module. > >Signed-off-by: Arvid Requate <requate@univention.de> >--- > source4/dsdb/samdb/ldb_modules/paged_results.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git source4/dsdb/samdb/ldb_modules/paged_results.c source4/dsdb/samdb/ldb_modules/paged_results.c >index 2063e84e157..7db93681163 100644 >--- source4/dsdb/samdb/ldb_modules/paged_results.c >+++ source4/dsdb/samdb/ldb_modules/paged_results.c 
>@@ -656,7 +656,7 @@ static int paged_search(struct ldb_module *module, struct ldb_request *req) > return LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION; > } > >- ac = talloc_zero(req, struct paged_context); >+ ac = talloc_zero(private_data, struct paged_context); > if (ac == NULL) { > ldb_set_errstring(ldb, "Out of Memory"); > return LDB_ERR_OPERATIONS_ERROR; >-- >2.25.1 >
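Review bot: In `paged_search()` the new `ac = talloc_zero(private_data, struct paged_context);` ties every `paged_context` to the lifetime of `private_data`, and nothing in this hunk frees `ac` when the request completes or fails, so unless it is released elsewhere in the file each paged search leaves a context behind on the module's private data. Either free `ac` explicitly on the completion and error paths, or keep `ac` on `req` and reparent only the data that has to survive between pages (the commit message identifies that as the stored `current->expr` parse tree built in anr.c), for example with `talloc_steal()` or a copy onto the store entry. A short comment above the allocation saying why the parent is not `req` would help, and the commit message should reference bug 14970 and ideally come with a regression test built from the `ldbsearch` reproducer it quotes.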