Bug 12904 - LDB locking patches trigger invalid read
Summary: LDB locking patches trigger invalid read
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB (show other bugs)
Version: 4.7.0rc2
Hardware: All All
: P2 regression (vote)
Target Milestone: 4.7
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
Depends on:
Blocks: 12858
  Show dependency treegraph
Reported: 2017-07-13 10:41 UTC by Garming Sam
Modified: 2017-08-11 08:19 UTC (History)
4 users (show)

See Also:

possible patch for master (5.28 KB, patch)
2017-08-01 01:38 UTC, Andrew Bartlett
no flags Details
patch cherry-picked from master for 4.7 (only) (4.96 KB, patch)
2017-08-03 02:07 UTC, Andrew Bartlett
garming: review+

Note You need to log in before you can comment on or make changes to this bug.
Description Garming Sam 2017-07-13 10:41:33 UTC
Right now, giving an invalid control in ldbsearch triggers panics. This appears to be due to ldb_module_done triggering the unlock case twice (once with DONE, and once with error + DONE). 

This appears to be due to dsdb_next_callback failing to set the DONE flag on the handle. This means that the ldb_next_request code will forcibly call done as soon as any module omits it. The locking callback appears to be the only case which is not currently idempotent.
Comment 1 Andrew Bartlett 2017-08-01 01:38:26 UTC
Created attachment 13441 [details]
possible patch for master
Comment 2 Andrew Bartlett 2017-08-03 02:07:59 UTC
Created attachment 13443 [details]
patch cherry-picked from master for 4.7 (only)
Comment 3 Karolin Seeger 2017-08-04 07:07:14 UTC
Pushed to autobuild-v4-7-test.
Comment 4 Karolin Seeger 2017-08-11 08:19:48 UTC
(In reply to Karolin Seeger from comment #3)
Pushed to v4-7-test.
Closing out bug report.