The Samba-Bugzilla – Attachment 17462 Details for
Bug 15078
samba-tool domain join segfault when joining a samba ad domain
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
4.15 backport patch
4-15.patch (text/plain), 3.80 KB, created by
Douglas Bagnall
on 2022-08-05 03:43:12 UTC
(
hide
)
Description:
4.15 backport patch
Filename:
MIME Type:
Creator:
Douglas Bagnall
Created:
2022-08-05 03:43:12 UTC
Size:
3.80 KB
patch
obsolete
>From 32c52ed476e3a7178640bbf5703d6a3a18c2bd9a Mon Sep 17 00:00:00 2001 >From: Michael Tokarev <mjt@tls.msk.ru> >Date: Tue, 24 May 2022 16:25:41 +0300 >Subject: [PATCH] s3/util/py_net.c: fix samba-tool domain join&leave segfault > >We process python args using PyArg_ParseTupleAndKeywords(), and use "p" >type modifier there. According to documentation, this type modifier, >while works for a boolean type, expects an argument of type int. But in >py_net_join_member() and py_net_leave() we use argument of type uint8_t >(keep_account, r->in.debug). So when PyArg_ParseTupleAndKeywords() >tries to assign a value to &r->in.debug, it updates subsequent, unrelated bytes >too, - which ones depends on the stack and structure layout used by the compiler. > >Fix this by using an int proxy variable "debug" (of the same type) for >r->in.debug. > >While at it, also ensure all variables have sensible default values. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15078 > >Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> >Reviewed-by: Alexander Bokovoy <ab@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> > >Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> >Autobuild-Date(master): Wed May 25 06:19:32 UTC 2022 on sn-devel-184 > >Backported-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> > >(backported from commit 976326fa2b6423ac5866af682605cf7584e4991a, with > changes because 4.15 doesn't have no_dns_update, along with other > changes that foil the patch. Also the BUG: line was added above). >--- > source3/utils/py_net.c | 9 ++++++--- > 1 file changed, 6 insertions(+), 3 deletions(-) > >diff --git a/source3/utils/py_net.c b/source3/utils/py_net.c >index 8a8a756ea21..ef2c0a0599a 100644 >--- a/source3/utils/py_net.c >+++ b/source3/utils/py_net.c >@@ -67,6 +67,7 @@ static PyObject *py_net_join_member(py_net_Object *self, PyObject *args, PyObjec > WERROR werr; > PyObject *result; > TALLOC_CTX *mem_ctx; >+ int debug = false; > bool modify_config = lp_config_backend_is_registry(); > const char *kwnames[] = { "dnshostname", "createupn", "createcomputer", > "osName", "osVer", "osServicePack", >@@ -93,7 +94,7 @@ static PyObject *py_net_join_member(py_net_Object *self, PyObject *args, PyObjec > &r->in.os_version, > &r->in.os_servicepack, > &r->in.machine_password, >- &r->in.debug)) { >+ &debug)) { > talloc_free(mem_ctx); > PyErr_FromString(_("Invalid arguments\n")); > return NULL; >@@ -121,6 +122,7 @@ static PyObject *py_net_join_member(py_net_Object *self, PyObject *args, PyObjec > WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE | > WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED; > r->in.msg_ctx = cmdline_messaging_context(get_dyn_CONFIGFILE()); >+ r->in.debug = debug; > > werr = libnet_Join(mem_ctx, r); > if (W_ERROR_EQUAL(werr, WERR_NERR_DCNOTFOUND)) { >@@ -166,7 +168,7 @@ static PyObject *py_net_leave(py_net_Object *self, PyObject *args, PyObject *kwa > struct libnet_UnjoinCtx *r = NULL; > WERROR werr; > TALLOC_CTX *mem_ctx; >- bool keep_account = false; >+ int keep_account = false, debug = false; > const char *kwnames[] = { "keepAccount", "debug", NULL }; > > mem_ctx = talloc_new(self->mem_ctx); >@@ -189,7 +191,7 @@ static PyObject *py_net_leave(py_net_Object *self, PyObject *args, PyObject *kwa > > if (!PyArg_ParseTupleAndKeywords(args, kwargs, "|pp:Leave", > discard_const_p(char *, kwnames), >- &keep_account, &r->in.debug)) { >+ &keep_account, &debug)) { > talloc_free(mem_ctx); > PyErr_FromString(_("Invalid arguments\n")); > return NULL; >@@ -201,6 +203,7 @@ static PyObject *py_net_leave(py_net_Object *self, PyObject *args, PyObject *kwa > r->in.admin_account = cli_credentials_get_username(self->creds); > r->in.admin_password = cli_credentials_get_password(self->creds); > r->in.modify_config = lp_config_backend_is_registry(); >+ r->in.debug = debug; > > /* > * Try to delete it, but if that fails, disable it. The >-- >2.25.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
asn
:
review+
Actions:
View
Attachments on
bug 15078
:
17461
| 17462