From e011831bd798fcd32f5ac89a4c59217df1e9b3c5 Mon Sep 17 00:00:00 2001 
From: Andreas Schneider Date: Tue, 20 Jun 2023 11:52:12 +0200 Subject: [PATCH] s3:winbind: Fix talloc parent in find_dc() leading to a segfault [2023/06/16 16:30:18.677249, 0, pid=28112, effective(0, 0), real(0, 0), traceid=35] ../../lib/cmdline/cmdline.c:56(_samba_cmdline_talloc_log) Bad talloc magic value - unknown value [2023/06/16 16:30:18.677374, 0, pid=28112, effective(0, 0), real(0, 0), traceid=35] ../../lib/util/fault.c:173(smb_panic_log) =============================================================== [2023/06/16 16:30:18.677388, 0, pid=28112, effective(0, 0), real(0, 0), traceid=35] ../../lib/util/fault.c:177(smb_panic_log) INTERNAL ERROR: Bad talloc magic value - unknown value in pid 28112 (4.18.3) [2023/06/16 16:30:18.677398, 0, pid=28112, effective(0, 0), real(0, 0), traceid=35] ../../lib/util/fault.c:182(smb_panic_log) If you are running a recent Samba version, and if you think this problem is not yet fixed in the latest versions, please consider reporting this bug, see https://wiki.samba.org/index.php/Bug_Reporting [2023/06/16 16:30:18.677408, 0, pid=28112, effective(0, 0), real(0, 0), traceid=35] ../../lib/util/fault.c:183(smb_panic_log) =============================================================== [2023/06/16 16:30:18.677420, 0, pid=28112, effective(0, 0), real(0, 0), traceid=35] ../../lib/util/fault.c:185(smb_panic_log) PANIC (pid 28112): Bad talloc magic value - unknown value in 4.18.3 [2023/06/16 16:30:18.677698, 0, pid=28112, effective(0, 0), real(0, 0), traceid=35] ../../lib/util/fault.c:293(log_stack_trace) BACKTRACE: 22 stack frames: #0 /usr/lib64/samba/libgenrand-samba4.so(log_stack_trace+0x34) [0x7fcc04ad35d4] #1 /usr/lib64/samba/libgenrand-samba4.so(smb_panic+0xd) [0x7fcc04ad382d] #2 /lib64/libtalloc.so.2(+0x3121) [0x7fcc04650121] #3 /usr/sbin/winbindd(_wbint_InitConnection+0xe8) [0x55aa1fd79028] #4 /usr/sbin/winbindd(+0x59488) [0x55aa1fd7e488] #5 /lib64/libdcerpc-server-core.so.0(dcesrv_call_dispatch_local+0x69) [0x7fcc05890469] #6 
/usr/sbin/winbindd(winbindd_dual_ndrcmd+0x3c5) [0x55aa1fd762d5] #7 /usr/sbin/winbindd(+0x4d664) [0x55aa1fd72664] #8 /lib64/libtevent.so.0(tevent_common_invoke_fd_handler+0x97) [0x7fcc03d2e707] #9 /lib64/libtevent.so.0(+0xef4f) [0x7fcc03d34f4f] #10 /lib64/libtevent.so.0(+0xcf5b) [0x7fcc03d32f5b] #11 /lib64/libtevent.so.0(_tevent_loop_once+0x95) [0x7fcc03d2d9b5] #12 /usr/sbin/winbindd(+0x4fd14) [0x55aa1fd74d14] #13 /usr/sbin/winbindd(+0x505cd) [0x55aa1fd755cd] #14 /lib64/libtevent.so.0(tevent_common_invoke_immediate_handler+0x182) [0x7fcc03d2ec72] #15 /lib64/libtevent.so.0(tevent_common_loop_immediate+0x27) [0x7fcc03d2eca7] #16 /lib64/libtevent.so.0(+0xed2f) [0x7fcc03d34d2f] #17 /lib64/libtevent.so.0(+0xcf5b) [0x7fcc03d32f5b] #18 /lib64/libtevent.so.0(_tevent_loop_once+0x95) [0x7fcc03d2d9b5] #19 /usr/sbin/winbindd(main+0xd34) [0x55aa1fd402f4] #20 /lib64/libc.so.6(__libc_start_main+0xe5) [0x7fcc0339dd85] #21 /usr/sbin/winbindd(_start+0x2e) [0x55aa1fd40e8e] [2023/06/16 16:30:18.677828, 0, pid=28112, effective(0, 0), real(0, 0), traceid=35] ../../source3/lib/dumpcore.c:318(dump_core) coredump is handled by helper binary specified at /proc/sys/kernel/core_pattern BUG: https://bugzilla.samba.org/show_bug.cgi?id=15398 Signed-off-by: Andreas Schneider Reviewed-by: Stefan Metzmacher (cherry picked from commit d34ff44d91ba4ffad45dfa3e4ee37470498b3f2d)
---
 source3/winbindd/winbindd_cm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 264fc1368d6..4aaa67521ee 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -1559,7 +1559,7 @@ static bool find_dc(TALLOC_CTX *mem_ctx,
 if (*dcnames[fd_index] != '\0' && !is_ipaddress(dcnames[fd_index])) {
 /* Ok, we've got a name for the DC */
 TALLOC_FREE(domain->dcname);
- domain->dcname = talloc_strdup(mem_ctx, dcnames[fd_index]);
+ domain->dcname = talloc_strdup(domain, dcnames[fd_index]);
 if (domain->dcname == NULL) {
 return false;
 }
-- 
2.41.0
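Review bot: The new `talloc_strdup(domain, ...)` line carries no comment explaining why the parent must be `domain`, and a one-token difference from `mem_ctx` is easy to revert in a later cleanup; I would add `/* dcname is stored in *domain and must outlive the caller's mem_ctx, so parent it to domain */` directly above it. The log in the commit message shows talloc's magic check aborting in `_wbint_InitConnection` inside a winbindd process running with effective uid 0, which is consistent with `domain->dcname` pointing at memory released together with `mem_ctx`, so this is a dangling pointer in a privileged daemon and not just a leak. Any other assignment to `domain->dcname` (none is visible in this hunk) presumably needs the same parent and is worth checking in the same change. `find_dc()` begins and ends outside the hunk, so its remaining allocations could not be reviewed here.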