Bug 13936 - ERROR: AddressSanitizer: stack-use-after-scope dcerpc_binding_handle_call_send
Summary: ERROR: AddressSanitizer: stack-use-after-scope dcerpc_binding_handle_call_send
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: DCE-RPCs and pipes (show other bugs)
Version: 4.10.2
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-05-08 22:27 UTC by Gary Lockyer
Modified: 2019-05-21 10:54 UTC (History)
1 user (show)

See Also:

Attachments
ASAN error report (4.21 KB, text/plain)
2019-05-08 22:27 UTC, Gary Lockyer 		no flags Details
Proposed patch for V4.10 (3.01 KB, text/plain)
2019-05-15 02:06 UTC, Gary Lockyer 		abartlet: review+
gary: ci-passed+
Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Gary Lockyer 2019-05-08 22:27:23 UTC 
Created attachment 15132 [details]
ASAN error report

==1924==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7ffe63f873d0 at pc 0x7fb99dae1733 bp 0x7ffe63f86a00 sp 0x7ffe63f861a8
READ of size 24 at 0x7ffe63f873d0 thread T0
    #0 0x7fb99dae1732  (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x79732)
    #1 0x7fb99cfe5549 in memcpy /usr/include/x86_64-linux-gnu/bits/string_fortified.h:34
    #2 0x7fb99cfe5549 in ndr_push_bytes ../../librpc/ndr/ndr_basic.c:729
    #3 0x7fb99cfe5646 in ndr_push_array_uint8 ../../librpc/ndr/ndr_basic.c:754
    #4 0x7fb99a69dd1b in ndr_push_netr_ChallengeResponse librpc/gen_ndr/ndr_netlogon.c:462
    #5 0x7fb99a6c5fab in ndr_push_netr_NetworkInfo librpc/gen_ndr/ndr_netlogon.c:556
    #6 0x7fb99a6c749d in ndr_push_netr_LogonLevel librpc/gen_ndr/ndr_netlogon.c:783
    #7 0x7fb99a7222de in ndr_push_netr_LogonSamLogonEx librpc/gen_ndr/ndr_netlogon.c:16547
    #8 0x7fb99c982c97 in dcerpc_binding_handle_call_send ../../librpc/rpc/binding_handle.c:416

To reproduce:
* configure with --address-sanitizer enabled
* make TESTS="samba3.blackbox.rpcclient_samlogon" tests
Comment 1 Gary Lockyer 2019-05-13 02:11:44 UTC 
Fixed in master for 4.11, commit a5d1f4a8f9c5
Comment 2 Gary Lockyer 2019-05-15 02:04:49 UTC 
Re-opened as it should be backported to V4.10
Comment 3 Gary Lockyer 2019-05-15 02:06:00 UTC 
Created attachment 15150 [details]
Proposed patch for V4.10

CI: https://gitlab.com/samba-team/devel/samba/pipelines/61325993
Comment 4 Andrew Bartlett 2019-05-15 03:07:48 UTC 
Removing team restriction, rpcclient is not security-relevant. 

Please pick for Samba 4.10.
Comment 5 Karolin Seeger 2019-05-16 10:29:24 UTC 
(In reply to Andrew Bartlett from comment #4)
Pushed to autobuild-v4-10-test.
Comment 6 Karolin Seeger 2019-05-21 10:54:35 UTC 
(In reply to Karolin Seeger from comment #5)
Pushed to v4-10-test.
Closing out bug report.

Thanks!