Bug 13934 - AddressSanitizer: heap-buffer-overflow in check_tdb_action
Summary: AddressSanitizer: heap-buffer-overflow in check_tdb_action
Status: RESOLVED DUPLICATE of bug 13842
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Tools (show other bugs)
Version: 4.10.2
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Jeremy Allison
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-05-08 22:06 UTC by Gary Lockyer
Modified: 2019-05-13 22:52 UTC (History)
0 users

See Also:


Attachments
ASAN error report (4.51 KB, text/plain)
2019-05-08 22:06 UTC, Gary Lockyer
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Gary Lockyer 2019-05-08 22:06:06 UTC
Created attachment 15130 [details]
ASAN error report

==13640==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60b000012165 at pc 0x7fd12c0dcf54 bp 0x7fffdd10ff30 sp 0x7fffdd10f6d8 READ of size 22 at 0x60b000012165 thread T0 #0 0x7fd12c0dcf53 (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xaff53)
 #1 0x7fd1298d9da1 in srprs_str ../../source3/lib/srprs.c:52
 #2 0x5586f9d3b225 in check_tdb_action ../../source3/utils/net_registry_check.c:737
...

To reproduce configure with --address-sanitizer option enabled and run.
make TESTS="samba3.blackbox.net" test
Comment 1 Andrew Bartlett 2019-05-13 22:32:14 UTC
This looks like something to fix for robustness, but it is a local tool operating on the registry tdb files, those are privileged in any case.
Comment 2 Jeremy Allison 2019-05-13 22:52:29 UTC
This is the same issue as https://bugzilla.samba.org/show_bug.cgi?id=13842

I have a fix, doing tests, CI work now.

*** This bug has been marked as a duplicate of bug 13842 ***