Bug 12135 - net ads gpo refresh can crash with null pointer deref.
Summary: net ads gpo refresh can crash with null pointer deref.
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Other
Version: unspecified
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
Reported: 2016-08-09 19:44 UTC by Jeremy Allison
Modified: 2016-09-13 09:47 UTC

Attachments
git-am fix for 4.5.0, 4.4.next, 4.3.next (2.27 KB, patch)
2016-08-10 17:45 UTC, Jeremy Allison
uri: review+

Description Jeremy Allison 2016-08-09 19:44:45 UTC
Reported to me as:

Core was generated by `bin/default/source3/net ads gpo refresh XXXXX -U XXXXX -s /etc/samba/smb.conf'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007fb0dfe4dc6f in sys_getnameinfo (psa=0x0, salen=16, host=0x7ffd0ce22020 "\340\071\022\213\265U", hostlen=46, service=0x0, servlen=0, flags=1) at ../lib/util/system.c:59
59                      if (psa->sa_family == AF_INET6) {
(gdb) bt
#0  0x00007fb0dfe4dc6f in sys_getnameinfo (psa=0x0, salen=16, host=0x7ffd0ce22020 "\340\071\022\213\265U", hostlen=46, service=0x0, servlen=0, flags=1) at ../lib/util/system.c:59
#1  0x00007fb0dfe5034d in print_canonical_sockaddr (ctx=0x55b58b123d00, pss=0x0) at ../lib/util/util_net.c:877
#2  0x00007fb0dc4de63e in cli_connect_nb_send (mem_ctx=0x55b58b1239e0, ev=0x55b58b123210, host=0x0, dest_ss=0x0, port=0, name_type=32, myname=0x55b58b0fc780 "XXXXXXX", signing_state=-1, 
    flags=10) at ../source3/libsmb/cliconnect.c:3112
#3  0x00007fb0dc4dea8d in cli_start_connection_send (mem_ctx=0x55b58b123690, ev=0x55b58b123210, my_name=0x55b58b0fc780 "XXXXXXX", dest_host=0x0, dest_ss=0x0, port=0, signing_state=-1, 
    flags=10) at ../source3/libsmb/cliconnect.c:3237
#4  0x00007fb0dc4def88 in cli_full_connection_send (mem_ctx=0x55b58b123210, ev=0x55b58b123210, my_name=0x55b58b0fc780 "XXXXXXX", dest_host=0x0, dest_ss=0x0, port=0, 
    service=0x55b58b125830 "SysVol", service_type=0x7fb0e071cff5 "A:", user=0x55b58b106620 "XXXXXX", domain=0x0, password=0x55b58b106600 "XXXXXX", flags=10, signing_state=-1)
    at ../source3/libsmb/cliconnect.c:3398
#5  0x00007fb0dc4df53e in cli_full_connection (output_cli=0x7ffd0ce222f8, my_name=0x55b58b0fc780 "XXXXXXXX", dest_host=0x0, dest_ss=0x0, port=0, service=0x55b58b125830 "SysVol", 
    service_type=0x7fb0e071cff5 "A:", user=0x55b58b106620 "XXXXXXX", domain=0x0, password=0x55b58b106600 "XXXXXXX", flags=10, signing_state=-1) at ../source3/libsmb/cliconnect.c:3534
#6  0x00007fb0e07176a1 in gpo_connect_server (ads=0x55b58b10c9f0, server=0x0, service=0x55b58b125830 "SysVol", ret_cli=0x7ffd0ce22378) at ../libgpo/gpo_fetch.c:127
#7  0x00007fb0e07177ab in gpo_fetch_files (mem_ctx=0x55b58b10a840, ads=0x55b58b10c9f0, cache_dir=0x55b58b1224d0 "/usr/local/samba/var/cache/gpo_cache", gpo=0x55b58b1229f0)
    at ../libgpo/gpo_fetch.c:169
#8  0x00007fb0e0716811 in check_refresh_gpo (ads=0x55b58b10c9f0, mem_ctx=0x55b58b10a840, cache_dir=0x55b58b1224d0 "/usr/local/samba/var/cache/gpo_cache", flags=0, gpo=0x55b58b1229f0)
    at ../libgpo/gpo_util.c:518
#9  0x00007fb0e0716a7a in check_refresh_gpo_list (ads=0x55b58b10c9f0, mem_ctx=0x55b58b10a840, cache_dir=0x55b58b1224d0 "/usr/local/samba/var/cache/gpo_cache", flags=0, gpo_list=0x55b58b1229f0)
    at ../libgpo/gpo_util.c:577
#10 0x000055b589eaf66a in net_ads_gpo_refresh (c=0x55b58b0f81a0, argc=1, argv=0x55b58b0fa900) at ../source3/utils/net_ads_gpo.c:108
#11 0x000055b589eac469 in net_run_function (c=0x55b58b0f81a0, argc=2, argv=0x55b58b0fa8f8, whoami=0x55b589ef9593 "net ads gpo", table=0x7ffd0ce225b0) at ../source3/utils/net_util.c:521
#12 0x000055b589eb09fb in net_ads_gpo (c=0x55b58b0f81a0, argc=2, argv=0x55b58b0fa8f8) at ../source3/utils/net_ads_gpo.c:709
#13 0x000055b589eac469 in net_run_function (c=0x55b58b0f81a0, argc=3, argv=0x55b58b0fa8f0, whoami=0x55b589ee014a "net ads", table=0x7ffd0ce22780) at ../source3/utils/net_util.c:521
#14 0x000055b589e6d3a1 in net_ads (c=0x55b58b0f81a0, argc=3, argv=0x55b58b0fa8f0) at ../source3/utils/net_ads.c:3374
#15 0x000055b589eac469 in net_run_function (c=0x55b58b0f81a0, argc=4, argv=0x55b58b0fa8e8, whoami=0x55b589edc35f "net", table=0x55b58a116020 <net_func>) at ../source3/utils/net_util.c:521
#16 0x000055b589e6401e in main (argc=10, argv=0x7ffd0ce23588) at ../source3/utils/net.c:982

Patch to follow.
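
Added example (not part of the original report and not the attached patch, whose contents are not shown on this page): a small C model of the argument pattern in frames #0 to #2, where both the host name and the address pointer are NULL, with the check placed at the connection entry point so the address-formatting code is never reached. The names `describe_target`, `format_sockaddr` and the `CONN_*` codes are hypothetical and do not come from Samba.

```c
/* Added example: a model of the host=NULL / dest_ss=NULL case in the trace.
 * All names are hypothetical; this is not Samba source. IPv4 only. */
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

enum { CONN_OK = 0, CONN_INVALID_PARAMETER = -1, CONN_FORMAT_ERROR = -2 };

/* Formats an address for display. It reads ss_family, so a NULL pss is
 * rejected here instead of being dereferenced (frames #0 and #1). */
static int format_sockaddr(const struct sockaddr_storage *pss, char *buf, size_t len)
{
    if (pss == NULL || buf == NULL || len == 0)
        return -1;
    if (pss->ss_family != AF_INET)
        return -1; /* this model handles IPv4 only */
    const struct sockaddr_in *in4 = (const struct sockaddr_in *)pss;
    return inet_ntop(AF_INET, &in4->sin_addr, buf, (socklen_t)len) ? 0 : -1;
}

/* Connection entry point: the caller must supply a host name or an address.
 * With neither, it returns an error before any formatting code runs. */
int describe_target(const char *host, const struct sockaddr_storage *dest_ss,
                    char *out, size_t len)
{
    if (out == NULL || len == 0)
        return CONN_INVALID_PARAMETER;
    if (host != NULL && host[0] != '\0') {
        int n = snprintf(out, len, "%s", host);
        return (n >= 0 && (size_t)n < len) ? CONN_OK : CONN_FORMAT_ERROR;
    }
    if (dest_ss == NULL)
        return CONN_INVALID_PARAMETER;
    return format_sockaddr(dest_ss, out, len) == 0 ? CONN_OK : CONN_FORMAT_ERROR;
}

int main(void)
{
    char buf[64];
    /* Same argument pattern as frame #2: no host name and no address. */
    int rc = describe_target(NULL, NULL, buf, sizeof(buf));
    printf("host=NULL dest_ss=NULL -> %d\n", rc);
    return rc == CONN_INVALID_PARAMETER ? 0 : 1;
}
```
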
Comment 1 Jeremy Allison 2016-08-10 17:45:20 UTC
Created attachment 12358
git-am fix for 4.5.0, 4.4.next, 4.3.next

Cherry-picked from master.
Comment 2 Uri Simchoni 2016-08-10 18:40:55 UTC
Comment on attachment 12358
git-am fix for 4.5.0, 4.4.next, 4.3.next

LGTM.
Comment 3 Uri Simchoni 2016-08-10 18:42:39 UTC
Assigning to Karolin for inclusion in 4.5.0, 4.4.next, 4.3.next.
Comment 4 Karolin Seeger 2016-08-11 08:46:08 UTC
(In reply to Uri Simchoni from comment #3)
Pushed to autobuild-v4-{5,4,3}-test.
Comment 5 Stefan Metzmacher 2016-08-24 09:44:39 UTC
Pushed to autobuild-v4-5-test.
Comment 6 Stefan Metzmacher 2016-08-28 15:56:17 UTC
Pushed to v4-5-test.
Comment 7 Karolin Seeger 2016-09-13 09:47:28 UTC
(In reply to Stefan Metzmacher from comment #6)
Pushed to v4-4-test and v4-3-test.
Closing out bug report.

Thanks!