From 7b0de91de43c0e61187d7a9e1891cf39dc573fbc Mon Sep 17 00:00:00 2001 From: Krzysztof Piotr Oledzki Date: Sun, 18 Sep 2022 21:30:43 -0700 Subject: [PATCH] kdc: fix Segmentation fault due to struct mismatch We have the following structures declared: struct heim_plugin_common_ftable_desc { int version; int (HEIM_LIB_CALL *init)(heim_pcontext, void **); void (HEIM_LIB_CALL *fini)(void *); }; struct hdb_method { int version; unsigned int is_file_based:1; unsigned int can_taste:1; krb5_error_code (*init)(krb5_context, void **); void (*fini)(void *); const char *prefix; krb5_error_code (*create)(krb5_context, HDB **, const char *filename); }; Function third_party/heimdal/lib/base/plugin.c:heim_plugin_register expects "ftable" to be declared as "struct heim_plugin_common_ftable_desc" or a compatible structure, like krb5plugin_kdc_ftable or krb5plugin_db_ftable_desc. The function is called from third_party/heimdal/lib/krb5/plugin.c:krb5_plugin_register that passes its "symbol" argument as "ftable". If function source4/kdc/kdc-heimdal.c:kdc_post_fork calls krb5_plugin_register passing "symbol" pointing to hdb_samba4_interface defined as "struct hdb_method", it will cause Segmentation fault on some architectures such as i386 or armhf, where init/fini are not aligned in the same way between these two structures. This is because pl->ftable->init will point to null instead of the proper init function. This problem does not exist for example on x86_64 (aka amd64) due to padding that coincidentally aligns init/fini. As "struct hdb_method" is used in third_party/heimdal/lib/hdb/hdb.c to define "methods[]" and "default_dbmethod" (which seems like a very different use-case), and it does not look like we need additional information there, fix it by simply using "struct heim_plugin_common_ftable_desc" to define hdb_samba4_interface. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15110 RN: Fix Segmentation fault in heim_plugin_register due to hdb_samba4_interface struct mismatch 
Signed-off-by: Krzysztof Piotr Oledzki
---
 source4/kdc/hdb-samba4-plugin.c | 8 +-------
 source4/kdc/samba_kdc.h | 4 +++-
 2 files changed, 4 insertions(+), 8 deletions(-)

diff --git a/source4/kdc/hdb-samba4-plugin.c b/source4/kdc/hdb-samba4-plugin.c
index be6d2437d0e..45215faae74 100644
--- a/source4/kdc/hdb-samba4-plugin.c
+++ b/source4/kdc/hdb-samba4-plugin.c
@@ -56,7 +56,6 @@ static krb5_error_code hdb_samba4_create(krb5_context context, struct HDB **db,
 #error "Unsupported Heimdal HDB version"
 #endif
-#if HDB_INTERFACE_VERSION >= 8
 static krb5_error_code hdb_samba4_init(krb5_context context, void **ctx)
 {
 *ctx = NULL;
@@ -66,7 +65,6 @@ static krb5_error_code hdb_samba4_init(krb5_context context, void **ctx)
 static void hdb_samba4_fini(void *ctx)
 {
 }
-#endif
 /* Only used in the hdb-backed keytab code
 * for a keytab of 'samba4&' or samba4, to find
@@ -74,12 +72,8 @@ static void hdb_samba4_fini(void *ctx)
 *
 * The is the string form of a pointer to a talloced struct hdb_samba_context
 */
-struct hdb_method hdb_samba4_interface = {
+struct heim_plugin_common_ftable_desc hdb_samba4_interface = {
 HDB_INTERFACE_VERSION,
-#if HDB_INTERFACE_VERSION >= 8
 .init = hdb_samba4_init,
 .fini = hdb_samba4_fini,
-#endif
- .prefix = "samba4",
- .create = hdb_samba4_create
 };
diff --git a/source4/kdc/samba_kdc.h b/source4/kdc/samba_kdc.h
index 5d73c5bbb9d..0c99ec17037 100644
--- a/source4/kdc/samba_kdc.h
+++ b/source4/kdc/samba_kdc.h
@@ -21,6 +21,8 @@ along with this program. If not, see . */
+#include "third_party/heimdal/lib/base/common_plugin.h"
+
 #ifndef _SAMBA_KDC_H_
 #define _SAMBA_KDC_H_
@@ -66,7 +68,7 @@ struct samba_kdc_entry {
 NTSTATUS reject_status;
 };
-extern struct hdb_method hdb_samba4_interface;
+extern struct heim_plugin_common_ftable_desc hdb_samba4_interface;
 #define CHANGEPW_LIFETIME 60*2 /* 2 minutes */
-- 2.35.1
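Review bot: The new initializer drops `.prefix = "samba4"` and `.create = hdb_samba4_create`, yet the context comment kept directly above it still describes this struct as what the hdb-backed keytab code uses to resolve a `samba4&...`/`samba4` keytab — a lookup that, in the removed lines, was carried by exactly those two fields. Either that path is no longer needed, in which case the comment is stale and `hdb_samba4_create` (a `static` function per the first hunk's header, so dead code if nothing else in the file references it) should go too, or it is still needed and this hunk silently breaks it; the commit message only says it "does not look like" the fields are needed, so I'd confirm the keytab lookup with a test before merging. If the fields are genuinely unused, I'd rewrite the comment to say the ftable now only supplies `init`/`fini` for `krb5_plugin_register`. Also consider naming the first member, `.version = HDB_INTERFACE_VERSION,`, so the initializer no longer depends on `version` being the first field of `struct heim_plugin_common_ftable_desc`.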
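Review bot: In the samba_kdc.h hunk the added `#include "third_party/heimdal/lib/base/common_plugin.h"` sits above `#ifndef _SAMBA_KDC_H_`, i.e. outside this header's own include guard, which is unconventional and re-processes the include on every inclusion of samba_kdc.h (only common_plugin.h's own guard prevents a redefinition). Move the two added lines below `#define _SAMBA_KDC_H_`. Hard-coding the `third_party/heimdal/...` path also ties the declaration to the bundled Heimdal; whether that is acceptable (or whether a system-Heimdal build is still supported and would need a different include) is not decidable from this hunk and worth a sentence in the commit message.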