Created attachment 10086 [details]
bt full

How to reproduce it:

* Add an entry to secrets.ldb
* Delete the keytab
* Modify the entry changing the keytab path (outside private directory)

Backtrace:

#0  0x00007ffff71e5f79 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00007ffff71e9388 in __GI_abort () at abort.c:89
#2  0x00007ffff5a270e9 in smb_panic_default (why=0x7ffff757b620 "Bad talloc magic value - access after free") at ../lib/util/fault.c:149
#3  0x00007ffff5a27127 in smb_panic (why=0x7ffff757b620 "Bad talloc magic value - access after free") at ../lib/util/fault.c:162
#4  0x00007ffff75771d2 in talloc_abort (reason=0x7ffff757b620 "Bad talloc magic value - access after free") at ../lib/talloc/talloc.c:341
#5  0x00007ffff757724e in talloc_abort_access_after_free () at ../lib/talloc/talloc.c:357
#6  0x00007ffff75772cb in talloc_chunk_from_ptr (ptr=0x5555557d71f0) at ../lib/talloc/talloc.c:378
#7  0x00007ffff75787c6 in _talloc_steal_loc (new_ctx=0x5555557d4ac0, ptr=0x5555557d71f0, location=0x7fffed6bddf8 "../source4/auth/kerberos/srv_keytab.c:526") at ../lib/talloc/talloc.c:1072
#8  0x00007fffed6b6d0e in smb_krb5_update_keytab (parent_ctx=0x5555557d4ac0, context=0x5555557d3930, keytab_name=0x5555557da690 "FILE:./private//etc/mail.keytab", samAccountName=0x5555557da040 "mail-z35", realm=0x5555557d74c0 "KERNEVIL.LAN", SPNs=0x5555557da140, num_SPNs=6, saltPrincipal=0x0, new_secret=0x5555557dc830 "foobar", old_secret=0x0, kvno=1, supp_enctypes=31, delete_all_kvno=false, _keytab=0x0, error_string=0x7fffffffe0f8) at ../source4/auth/kerberos/srv_keytab.c:526
#9  0x00007fffe3c5b686 in update_kt_prepare_commit (module=0x5555557b04f0) at ../source4/dsdb/samdb/ldb_modules/update_keytab.c:432
#10 0x00007ffff79aab72 in ldb_transaction_prepare_commit (ldb=0x555555760ee0) at ../lib/ldb/common/ldb.c:409
#11 0x00007ffff79aace1 in ldb_transaction_commit (ldb=0x555555760ee0) at ../lib/ldb/common/ldb.c:441
#12 0x0000555555555b8e in merge_edits (ldb=0x555555760ee0, msgs1=0x5555557bcb40, count1=5, msgs2=0x5555557c1ca0, count2=5) at ../lib/ldb/tools/ldbedit.c:179
#13 0x0000555555555fb5 in do_edit (ldb=0x555555760ee0, msgs1=0x5555557bcb40, count1=5, editor=0x7ffff7781a39 "vi") at ../lib/ldb/tools/ldbedit.c:303
#14 0x0000555555556294 in main (argc=3, argv=0x7fffffffe438) at ../lib/ldb/tools/ldbedit.c:368

Created attachment 10087 [details] Patch for 4.1 series
Fixed in Samba 4.2 with caa42ed385dc174d9529407d128424c37cff8e9c