Bug 11652 - ldapsam:trusted=yes segfaults when the gecos entry is empty
Summary: ldapsam:trusted=yes segfaults when the gecos entry is empty
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Other (show other bugs)
Version: 4.3.3
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: Samba QA Contact
Depends on:
Reported: 2015-12-26 20:46 UTC by Szombathelyi György
Modified: 2018-02-26 12:50 UTC (History)
0 users

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Szombathelyi György 2015-12-26 20:46:55 UTC
When using LDAP backend and ldapsam:trusted=yes, and no gecos attribute in the LDAP entry, the ldapsam backend segfaults.
gdb pdbedit
(gdb) run -r admin
Starting program: /usr/bin/pdbedit -r admin
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
WARNING: The "idmap uid" option is deprecated
WARNING: The "idmap gid" option is deprecated
No builtin backend found, trying to load plugin
Module 'ldapsam' loaded
smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=HTM))]
smbldap_open_connection: connection opened
init_sam_from_ldap: Entry found for user: admin
Detaching after fork from child process 15563.

Program received signal SIGSEGV, Segmentation fault.
strlen () at ../sysdeps/x86_64/strlen.S:106
106             movdqu  (%rax), %xmm12
Missing separate debuginfos, use: dnf debuginfo-install bzip2-libs-1.0.6-19.fc23.x86_64 libgcc-5.3.1-2.fc23.x86_64
(gdb) bt
#0  strlen () at ../sysdeps/x86_64/strlen.S:106
#1  0x00007ffff6fc9874 in tcopy_passwd (mem_ctx=mem_ctx@entry=0x555555798310, from=from@entry=0x7fffffffd8d0) at ../lib/util/util_pw.c:39
#2  0x00007fffe2640e9a in init_sam_from_ldap (ldap_state=ldap_state@entry=0x55555578dd00, sampass=sampass@entry=0x555555798310, entry=0x555555799d50) at ../source3/passdb/pdb_ldap.c:1029
#3  0x00007fffe2642a46 in ldapsam_getsampwnam (my_methods=0x55555578da70, user=0x555555798310, sname=0x7fffffffe72c "admin") at ../source3/passdb/pdb_ldap.c:1507
#4  0x00007ffff6d6cbc8 in pdb_getsampwnam (sam_acct=0x555555798310, username=0x7fffffffe72c "admin") at ../source3/passdb/pdb_interface.c:334
#5  0x0000555555558d66 in set_user_info (kickoff_time=0x0, hours=<optimized out>, badpw=<optimized out>, user_domain=<optimized out>, user_sid=<optimized out>, account_control=<optimized out>, profile=<optimized out>, 
    script=<optimized out>, drive=0x0, acct_desc=<optimized out>, homedir=0x0, fullname=0x0, username=<optimized out>) at ../source3/utils/pdbedit.c:519
#6  main (argc=<optimized out>, argv=<optimized out>) at ../source3/utils/pdbedit.c:1312

I think in pdb_ldap.c
1008                 if (unix_pw.pw_gecos) {
1009                         unix_pw.pw_gecos = fullname;
1010                 }

line 1008 should be if (unix_pw.pw_gecos == NULL) {
Comment 1 Björn Jacke 2018-02-26 12:50:01 UTC
I assume this is a duplicate of bug #11530 and fixed with by that. If you can reproduce it with a recent and supported version, please reopen this bug.