Bug 13936 - ERROR: AddressSanitizer: stack-use-after-scope dcerpc_binding_handle_call_send
Summary: ERROR: AddressSanitizer: stack-use-after-scope dcerpc_binding_handle_call_send
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: DCE-RPCs and pipes
Version: 4.10.2
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-05-08 22:27 UTC by Gary Lockyer
Modified: 2019-05-21 10:54 UTC

See Also:


Attachments
ASAN error report (4.21 KB, text/plain), 2019-05-08 22:27 UTC, Gary Lockyer; no flags
Proposed patch for V4.10 (3.01 KB, text/plain), 2019-05-15 02:06 UTC, Gary Lockyer; flags: abartlet: review+, gary: ci-passed+

Description Gary Lockyer 2019-05-08 22:27:23 UTC
Created attachment 15132 [details]
ASAN error report

==1924==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7ffe63f873d0 at pc 0x7fb99dae1733 bp 0x7ffe63f86a00 sp 0x7ffe63f861a8
READ of size 24 at 0x7ffe63f873d0 thread T0
    #0 0x7fb99dae1732  (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x79732)
    #1 0x7fb99cfe5549 in memcpy /usr/include/x86_64-linux-gnu/bits/string_fortified.h:34
    #2 0x7fb99cfe5549 in ndr_push_bytes ../../librpc/ndr/ndr_basic.c:729
    #3 0x7fb99cfe5646 in ndr_push_array_uint8 ../../librpc/ndr/ndr_basic.c:754
    #4 0x7fb99a69dd1b in ndr_push_netr_ChallengeResponse librpc/gen_ndr/ndr_netlogon.c:462
    #5 0x7fb99a6c5fab in ndr_push_netr_NetworkInfo librpc/gen_ndr/ndr_netlogon.c:556
    #6 0x7fb99a6c749d in ndr_push_netr_LogonLevel librpc/gen_ndr/ndr_netlogon.c:783
    #7 0x7fb99a7222de in ndr_push_netr_LogonSamLogonEx librpc/gen_ndr/ndr_netlogon.c:16547
    #8 0x7fb99c982c97 in dcerpc_binding_handle_call_send ../../librpc/rpc/binding_handle.c:416

To reproduce:
* configure with --address-sanitizer enabled
* make TESTS="samba3.blackbox.rpcclient_samlogon" tests
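As an added illustration of the failure class in the report above (constructed example, not code from Samba, the attached patch or commit a5d1f4a8f9c5), the C snippet below shows the shape that AddressSanitizer reports as stack-use-after-scope: a length-plus-pointer structure in the style of netr_ChallengeResponse is filled from an array that goes out of scope before the marshalling memcpy reads through it. All names are assumptions; the 24-byte buffer is chosen to mirror the trace's "READ of size 24", and the buggy function is meant to be built with -fsanitize=address, which is what the --address-sanitizer configure option enables for the test run.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for an NDR length-plus-pointer structure such as
 * netr_ChallengeResponse: the bytes are referenced, not copied, so their
 * storage must outlive the later marshalling step. */
struct challenge_response {
    uint16_t length;
    const uint8_t *data;
};

/* Stand-in for the marshalling step (ndr_push_bytes in the trace). Returns
 * the number of bytes written, or 0 if the wire buffer is too small. */
static size_t push_response(const struct challenge_response *resp,
                            uint8_t *wire, size_t wire_len)
{
    if (resp->length > wire_len) {
        return 0;
    }
    memcpy(wire, resp->data, resp->length);   /* ASan flags this read */
    return resp->length;
}

/* BUGGY (assumed shape): the pointer escapes a block whose array is dead
 * by the time push_response() reads through it. Built with
 * -fsanitize=address this is reported as stack-use-after-scope with memcpy
 * at the top of the stack, like the attached ASAN report. */
size_t build_and_push_buggy(uint8_t *wire, size_t wire_len)
{
    struct challenge_response resp;
    {
        uint8_t local[24];
        memset(local, 0xAB, sizeof(local));
        resp.length = sizeof(local);
        resp.data = local;          /* address of block-scoped storage */
    }                               /* local's lifetime ends here */
    return push_response(&resp, wire, wire_len);   /* use after scope */
}

/* FIXED: the backing array is declared in the same scope as the struct
 * that refers to it, so it is still alive when the marshalling runs. */
size_t build_and_push_fixed(uint8_t *wire, size_t wire_len)
{
    uint8_t local[24];
    struct challenge_response resp;

    memset(local, 0xAB, sizeof(local));
    resp.length = sizeof(local);
    resp.data = local;
    return push_response(&resp, wire, wire_len);
}

/* Self-check for the fixed path: returns the byte count pushed (24) only if
 * every marshalled byte matches the source pattern, otherwise -1. */
int check_fixed_push(void)
{
    uint8_t wire[64];
    size_t n = build_and_push_fixed(wire, sizeof(wire));
    size_t i;

    if (n != 24) {
        return -1;
    }
    for (i = 0; i < n; i++) {
        if (wire[i] != 0xAB) {
            return -1;
        }
    }
    return (int)n;
}

/* The marshalling step refuses to overrun a wire buffer that is too small. */
int check_fixed_push_small_buffer(void)
{
    uint8_t wire[8];
    return (int)build_and_push_fixed(wire, sizeof(wire));
}

int main(void)
{
    printf("fixed path pushed %d bytes\n", check_fixed_push());
    /* Build with -fsanitize=address and uncomment the next line to see the
     * stack-use-after-scope report on the buggy path:
     * { uint8_t wire[64]; build_and_push_buggy(wire, sizeof(wire)); } */
    return 0;
}
```

The point the trace makes is that the out-of-scope read is not in the code that took the address but several frames down, inside generated NDR marshalling; ASan's use-after-scope check catches it because the compiler poisons the array's stack slot when its block closes, which is why a plain build with the same input may run without any visible fault.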
Comment 1 Gary Lockyer 2019-05-13 02:11:44 UTC
Fixed in master for 4.11, commit a5d1f4a8f9c5
Comment 2 Gary Lockyer 2019-05-15 02:04:49 UTC
Re-opened as it should be backported to V4.10
Comment 3 Gary Lockyer 2019-05-15 02:06:00 UTC
Created attachment 15150 [details]
Proposed patch for V4.10

CI: https://gitlab.com/samba-team/devel/samba/pipelines/61325993
Comment 4 Andrew Bartlett 2019-05-15 03:07:48 UTC
Removing team restriction; rpcclient is not security-relevant.

Please pick for Samba 4.10.
Comment 5 Karolin Seeger 2019-05-16 10:29:24 UTC
(In reply to Andrew Bartlett from comment #4)
Pushed to autobuild-v4-10-test.
Comment 6 Karolin Seeger 2019-05-21 10:54:35 UTC
(In reply to Karolin Seeger from comment #5)
Pushed to v4-10-test.
Closing out bug report.

Thanks!