12904 – LDB locking patches trigger invalid read

Bug 12904 - LDB locking patches trigger invalid read

Summary: LDB locking patches trigger invalid read

Status:	RESOLVED FIXED

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	AD: LDB/DSDB/SAMDB (show other bugs)
Version:	4.7.0rc2
Hardware:	All All

Importance:	P2 regression (vote)
Target Milestone:	4.7
Assignee:	Karolin Seeger
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:	12858
	Show dependency tree / graph

Reported:	2017-07-13 10:41 UTC by Garming Sam
Modified:	2017-08-11 08:19 UTC (History)
CC List:	4 users (show)

See Also:

Attachments
possible patch for master (5.28 KB, patch) 2017-08-01 01:38 UTC, Andrew Bartlett	no flags	Details
patch cherry-picked from master for 4.7 (only) (4.96 KB, patch) 2017-08-03 02:07 UTC, Andrew Bartlett	garming: review+	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Garming Sam 2017-07-13 10:41:33 UTC

Right now, giving an invalid control in ldbsearch triggers panics. This appears to be due to ldb_module_done triggering the unlock case twice (once with DONE, and once with error + DONE). 

This appears to be due to dsdb_next_callback failing to set the DONE flag on the handle. This means that the ldb_next_request code will forcibly call done as soon as any module omits it. The locking callback appears to be the only case which is not currently idempotent.

Comment 1 Andrew Bartlett 2017-08-01 01:38:26 UTC

Created attachment 13441 [details]
possible patch for master

Comment 2 Andrew Bartlett 2017-08-03 02:07:59 UTC

Created attachment 13443 [details]
patch cherry-picked from master for 4.7 (only)

Comment 3 Karolin Seeger 2017-08-04 07:07:14 UTC

Pushed to autobuild-v4-7-test.

Comment 4 Karolin Seeger 2017-08-11 08:19:48 UTC

(In reply to Karolin Seeger from comment #3)
Pushed to v4-7-test.
Closing out bug report.

Thanks!