Created attachment 13161 [details] patch with fix

I discovered a buffer overread detectable with address sanitizer that shows up when one tries to start a samba server and run smbclient -L against it. The error is in these lines of cleanupdb_store_child (or at least... I'm 90% sure):

    TDB_DATA tdbkey = { .dptr = (uint8_t *)&key, .dsize = sizeof(key) };
    TDB_DATA tdbdata = { .dptr = (uint8_t *)&key, .dsize = sizeof(rec) };

So the idea here is probably to have a pointer to a buffer and then the size of the buffer in each TDB_DATA struct. However, as you can see, both lines point to the key variable, yet the second one has sizeof(rec). Thus this doesn't match. The second line needs to point to &rec instead of &key. Patch attached.

This bug will subsequently lead to an 8 byte buffer overread in tdb_write (part of tdb, not samba itself). I'll attach a stack trace as well.
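The following is an added, self-contained C illustration of the pointer/size mismatch described in the report above; it is not code from the bug report or from Samba. It uses a stand-in for libtdb's TDB_DATA (same two fields, dptr and dsize) so it builds without libtdb, and the key and record layouts are constructed here with sizes chosen so the mismatch yields an 8-byte overread, which is the figure the report gives; the real cleanupdb layouts are not shown on this page. The buggy and fixed constructions sit side by side, and a small check computes how far past the pointed-at object a consumer reading dsize bytes would go, without actually performing the out-of-bounds read.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for libtdb's TDB_DATA (constructed; same two fields as the real one). */
typedef struct {
    uint8_t *dptr;
    size_t dsize;
} TDB_DATA;

/* Hypothetical key and record layouts (constructed for this example only).
 * sizeof(struct key_t) == 8, sizeof(struct rec_t) == 16, so pairing &key with
 * sizeof(rec) overshoots the key by 8 bytes. */
struct key_t { uint32_t pid; uint32_t pad; };
struct rec_t { uint32_t pid; uint32_t pad; uint64_t serial; };

/* The defect as reported: dptr points at the key, dsize is the record's size. */
static TDB_DATA make_tdbdata_buggy(struct key_t *key, struct rec_t *rec)
{
    (void)rec;
    TDB_DATA d = { .dptr = (uint8_t *)key, .dsize = sizeof(*rec) };
    return d;
}

/* The fix: dptr and dsize both describe the record. */
static TDB_DATA make_tdbdata_fixed(struct key_t *key, struct rec_t *rec)
{
    (void)key;
    TDB_DATA d = { .dptr = (uint8_t *)rec, .dsize = sizeof(*rec) };
    return d;
}

/* Number of bytes a consumer that reads d.dsize bytes from d.dptr would read
 * past the object of size objsize that d.dptr actually points at.
 * 0 means the pointer/size pair is consistent. */
static size_t overread_bytes(TDB_DATA d, size_t objsize)
{
    return d.dsize > objsize ? d.dsize - objsize : 0;
}

/* 1 if d describes exactly the object (obj, objsize), else 0. */
static int tdbdata_describes(TDB_DATA d, const void *obj, size_t objsize)
{
    return d.dptr == (const uint8_t *)obj && d.dsize == objsize;
}

/* Overread produced by the buggy construction (the object behind dptr is the key). */
size_t buggy_overread(void)
{
    struct key_t key = { .pid = 1234, .pad = 0 };
    struct rec_t rec = { .pid = 1234, .pad = 0, .serial = 1 };
    TDB_DATA d = make_tdbdata_buggy(&key, &rec);
    return overread_bytes(d, sizeof(key));
}

/* Overread produced by the fixed construction (the object behind dptr is the record). */
size_t fixed_overread(void)
{
    struct key_t key = { .pid = 1234, .pad = 0 };
    struct rec_t rec = { .pid = 1234, .pad = 0, .serial = 1 };
    TDB_DATA d = make_tdbdata_fixed(&key, &rec);
    return overread_bytes(d, sizeof(rec));
}

/* 1 if the fixed construction describes the record exactly, else 0. */
int fixed_describes_record(void)
{
    struct key_t key = { .pid = 1234, .pad = 0 };
    struct rec_t rec = { .pid = 1234, .pad = 0, .serial = 1 };
    TDB_DATA d = make_tdbdata_fixed(&key, &rec);
    return tdbdata_describes(d, &rec, sizeof(rec));
}

int main(void)
{
    printf("buggy construction overreads %zu bytes\n", buggy_overread());
    printf("fixed construction overreads %zu bytes\n", fixed_overread());
    printf("fixed construction describes the record: %d\n", fixed_describes_record());
    return 0;
}
```

The arithmetic check is what an assertion in code review would do by eye: whenever a TDB_DATA is built from the address of one object and the size of another, the consumer (here tdb_write) walks dsize bytes from dptr and runs off the end of the smaller object, which is exactly what address sanitizer flagged.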
Created attachment 13162 [details] address sanitizer stack trace
Created attachment 13163 [details] Patch in git-am format 100% correct. Attached find a patch with the formalisms we use. I've added your Signed-off-by: line, hoping that is okay.
Ralph, git blame points at you :-) Can you take a quick look, this is a pretty obvious cut&paste error
D'oh! Looking...
Pushed. Thanks for finding this (Hanno) and for providing the patch (Volker). :)
Just to be precise: The patch was from Hanno, I just did the "git format-patch" icing.
Created attachment 13164 [details] git-am fix for 4.6.next, 4.5.next. Cherry-picked from master.
Reassigning to Karolin for inclusion in 4.5 and 4.6.
(In reply to Ralph Böhme from comment #8) Pushed to autobuild-v4-{6,5}-test.
(In reply to Karolin Seeger from comment #9) Pushed to both branches. Closing out bug report. Thanks!