The Samba-Bugzilla – Attachment 17523 Details for
Bug 15110
Segmentation fault in krb5_plugin_register since samba-4.16rc1 on x86 (32 bit), regression from samba-4.15
[patch]
kdc: fix Segmentation fault due to struct mismatch
0001-kdc-fix-Segmentation-fault-due-to-struct-mismatch.patch (text/plain), 4.03 KB, created by
Krzysztof Olędzki
on 2022-09-20 15:54:56 UTC
>From 7b0de91de43c0e61187d7a9e1891cf39dc573fbc Mon Sep 17 00:00:00 2001 
>From: Krzysztof Piotr Oledzki <ole@ans.pl> >Date: Sun, 18 Sep 2022 21:30:43 -0700 >Subject: [PATCH] kdc: fix Segmentation fault due to struct mismatch > >We have the following structures declared: > >struct heim_plugin_common_ftable_desc { > int version; > int (HEIM_LIB_CALL *init)(heim_pcontext, void **); > void (HEIM_LIB_CALL *fini)(void *); >}; > >struct hdb_method { > int version; > unsigned int is_file_based:1; > unsigned int can_taste:1; > krb5_error_code (*init)(krb5_context, void **); > void (*fini)(void *); > const char *prefix; > krb5_error_code (*create)(krb5_context, HDB **, const char *filename); >}; > >Function third_party/heimdal/lib/base/plugin.c:heim_plugin_register >expects "ftable" to be declared as "struct heim_plugin_common_ftable_desc" >or a compatible structure, like krb5plugin_kdc_ftable or >krb5plugin_db_ftable_desc. The function is called from >third_party/heimdal/lib/krb5/plugin.c:krb5_plugin_register that passes >its "symbol" argument as "ftable". > >If function source4/kdc/kdc-heimdal.c:kdc_post_fork calls krb5_plugin_register >passing "symbol" pointing to hdb_samba4_interface defined as >"struct hdb_method", it will cause Segmentation fault on some architectures >such as i386 or armhf, where init/fini are not aligned in the same way >between these two structures. > >This is because pl->ftable->init will point to null instead of the proper >init function. This problem does not exist for example on x86_64 (aka amd64) >due to padding that coincidentally aligns init/fini. > >As "struct hdb_method" is used in third_party/heimdal/lib/hdb/hdb.c to >define "methods[]" and "default_dbmethod" (which seems like a very >different use-case), and it does not look like we need additional information >there, fix it by simply using "struct heim_plugin_common_ftable_desc" to >define hdb_samba4_interface. 
> >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15110 >RN: Fix Segmentation fault in heim_plugin_register due to hdb_samba4_interface struct mismatch >Signed-off-by: Krzysztof Piotr Oledzki <ole@ans.pl> >--- > source4/kdc/hdb-samba4-plugin.c | 8 +------- > source4/kdc/samba_kdc.h | 4 +++- > 2 files changed, 4 insertions(+), 8 deletions(-) > >diff --git a/source4/kdc/hdb-samba4-plugin.c b/source4/kdc/hdb-samba4-plugin.c >index be6d2437d0e..45215faae74 100644 >--- a/source4/kdc/hdb-samba4-plugin.c >+++ b/source4/kdc/hdb-samba4-plugin.c >@@ -56,7 +56,6 @@ static krb5_error_code hdb_samba4_create(krb5_context context, struct HDB **db, > #error "Unsupported Heimdal HDB version" > #endif > >-#if HDB_INTERFACE_VERSION >= 8 > static krb5_error_code hdb_samba4_init(krb5_context context, void **ctx) > { > *ctx = NULL; >@@ -66,7 +65,6 @@ static krb5_error_code hdb_samba4_init(krb5_context context, void **ctx) > static void hdb_samba4_fini(void *ctx) > { > } >-#endif > > /* Only used in the hdb-backed keytab code > * for a keytab of 'samba4&<address>' or samba4, to find >@@ -74,12 +72,8 @@ static void hdb_samba4_fini(void *ctx) > * > * The <address> is the string form of a pointer to a talloced struct hdb_samba_context > */ >-struct hdb_method hdb_samba4_interface = { >+struct heim_plugin_common_ftable_desc hdb_samba4_interface = { > HDB_INTERFACE_VERSION, >-#if HDB_INTERFACE_VERSION >= 8 > .init = hdb_samba4_init, > .fini = hdb_samba4_fini, >-#endif >- .prefix = "samba4", >- .create = hdb_samba4_create > }; >diff --git a/source4/kdc/samba_kdc.h b/source4/kdc/samba_kdc.h >index 5d73c5bbb9d..0c99ec17037 100644 >--- a/source4/kdc/samba_kdc.h >+++ b/source4/kdc/samba_kdc.h >@@ -21,6 +21,8 @@ > along with this program. If not, see <http://www.gnu.org/licenses/>. > */ > >+#include "third_party/heimdal/lib/base/common_plugin.h" >+ > #ifndef _SAMBA_KDC_H_ > #define _SAMBA_KDC_H_ 
> >@@ -66,7 +68,7 @@ struct samba_kdc_entry { > NTSTATUS reject_status; > }; > >-extern struct hdb_method hdb_samba4_interface; >+extern struct heim_plugin_common_ftable_desc hdb_samba4_interface; > > #define CHANGEPW_LIFETIME 60*2 /* 2 minutes */ > >-- >2.35.1 >
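Review bot: The commit message does not explain the removal of the two "#if HDB_INTERFACE_VERSION >= 8" / "#endif" pairs around hdb_samba4_init and hdb_samba4_fini in the first two hunks of source4/kdc/hdb-samba4-plugin.c. The functions are now built for every version that the "#error "Unsupported Heimdal HDB version"" check above lets through. Add a sentence saying that this is intended because the new struct always carries init and fini, or tighten that version check so the assumption is enforced at compile time.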
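Review bot: In the last hunk of source4/kdc/hdb-samba4-plugin.c, deleting ".create = hdb_samba4_create" removes the only reference to the static function hdb_samba4_create that this patch shows, so it may now trigger an unused-function warning. Either drop the function in the same commit or state where it is still used. The comment kept above the initializer ("Only used in the hdb-backed keytab code for a keytab of 'samba4&<address>' or samba4") describes the old hdb_method role and should be rewritten to say the symbol is the ftable handed to krb5_plugin_register. Since the struct type changed, writing the first member as ".version = HDB_INTERFACE_VERSION" instead of a positional value would also make the initializer robust against future field reordering.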
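Review bot: In the first hunk of source4/kdc/samba_kdc.h, the added "#include "third_party/heimdal/lib/base/common_plugin.h"" sits above "#ifndef _SAMBA_KDC_H_", outside the include guard. Move it below "#define _SAMBA_KDC_H_" so everything the header pulls in is covered by the guard.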
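Review bot: The changed extern declaration of hdb_samba4_interface in the second hunk of source4/kdc/samba_kdc.h carries no comment recording the layout requirement that caused this bug. The commit message explains that krb5_plugin_register passes the symbol on as an ftable and that init/fini must sit at the offsets of struct heim_plugin_common_ftable_desc; a one-line comment at the declaration saying so would keep a later change from reintroducing a mismatched type. Please also confirm that no other user of this header still treats the symbol as struct hdb_method.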