Bug 13927 - ASAN detected use after free in nsswitch/pam_winbind.c
Summary: ASAN detected use after free in nsswitch/pam_winbind.c
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Winbind (show other bugs)
Version: 4.10.2
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-05-05 23:14 UTC by Gary Lockyer
Modified: 2019-05-21 10:00 UTC (History)
1 user (show)

See Also:


Attachments
ASAN error report (10.69 KB, text/plain)
2019-05-05 23:14 UTC, Gary Lockyer
no flags Details
Proposed patch for master. (1.18 KB, patch)
2019-05-06 02:09 UTC, Gary Lockyer
gary: review? (abartlet)
Details
Proposed patch for V4.10 (1.42 KB, text/plain)
2019-05-15 02:09 UTC, Gary Lockyer
abartlet: review+
gary: ci-passed+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Gary Lockyer 2019-05-05 23:14:31 UTC
Created attachment 15120 [details]
ASAN error report

Use after free error in wbcLogonUserInfoDestructor detected by ASAN.

wbcFreeMemory has code to detect and prevent a double free.  This involves inspecting the referenced memory, which triggers an ASAN error.  Value needs to be set to NULL after it's freed.
Comment 1 Gary Lockyer 2019-05-06 02:09:59 UTC
Created attachment 15121 [details]
Proposed patch for master.
Comment 2 Gary Lockyer 2019-05-06 20:48:47 UTC
Fix committed to master commit 193b44466ba05deba8f2b1fdc16ab55c102e82ad
Comment 3 Gary Lockyer 2019-05-15 02:08:20 UTC
Re-opening as it shoud be backported to V4.10
Comment 4 Gary Lockyer 2019-05-15 02:09:44 UTC
Created attachment 15151 [details]
Proposed patch for V4.10

CI: https://gitlab.com/samba-team/devel/samba/pipelines/61329324
Comment 5 Karolin Seeger 2019-05-16 10:25:50 UTC
Pushed to autobuild-v4-10-test.
Comment 6 Karolin Seeger 2019-05-21 10:00:47 UTC
(In reply to Karolin Seeger from comment #5)
Pushed to v4-10-test.
Closing out bug report.

Thanks!