Created attachment 15144
ASAN error report

To reproduce:
* configure with address_sanitizer enabled
* make TESTS="ldap.sites" test

=================================================================
==6065==ERROR: AddressSanitizer: heap-use-after-free on address 0x60f0002b2738 at pc 0x7fcce80fb3b5 bp 0x7ffd61798410 sp 0x7ffd61798400
READ of size 8 at 0x60f0002b2738 thread T0
    #0 0x7fcce80fb3b4 in samldb_rename_search_base_callback ../../source4/dsdb/samdb/ldb_modules/samldb.c:4203
    #1 0x7fcd0a0e7b4a in ldb_module_send_entry ../../lib/ldb/common/ldb_modules.c:793
    #2 0x7fcced601356 in es_callback ../../source4/dsdb/samdb/ldb_modules/encrypted_secrets.c:1418
    #3 0x7fcd0a0e7b4a in ldb_module_send_entry ../../lib/ldb/common/ldb_modules.c:793
    #4 0x7fccea6d01b4 in operational_callback ../../source4/dsdb/samdb/ldb_modules/operational.c:1564
    ...
check_rename_constraints() should not talloc_free(ac).
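A simplified model of the ownership problem named in the comment above, added here as an example and not taken from the Samba source or the attached patch. It assumes the callback keeps using `ac` after the constraint check returns; all names are hypothetical, and a static pool stands in for talloc so the stale access is detectable instead of undefined.

```c
#include <stdio.h>
#include <stddef.h>

/* Hypothetical stand-in for the request context `ac`. A static pool replaces
 * talloc so that touching a released context is detectable, not undefined. */
struct req_ctx { int live; int status; };
static struct req_ctx pool[4];

static struct req_ctx *ctx_new(void) {
    for (size_t i = 0; i < sizeof pool / sizeof pool[0]; i++)
        if (!pool[i].live) { pool[i].live = 1; pool[i].status = 0; return &pool[i]; }
    return NULL;
}
static void ctx_release(struct req_ctx *c) { c->live = 0; }

/* Buggy shape: the helper releases a context it does not own. */
static int check_constraints_buggy(struct req_ctx *ac, int ok) {
    if (!ok) { ctx_release(ac); return -1; }
    return 0;
}

/* Fixed shape: the helper only reports; the owner decides when to release. */
static int check_constraints_fixed(struct req_ctx *ac, int ok) {
    (void)ac;
    return ok ? 0 : -1;
}

/* Model of the callback (assumed flow): run the check, then keep using ac.
 * Returns 1 if it touched a released context (the condition ASAN flags),
 * 0 if the context was still valid, -1 if no context could be allocated. */
static int callback(int (*check)(struct req_ctx *, int), int ok) {
    struct req_ctx *ac = ctx_new();
    if (ac == NULL) return -1;
    int ret = check(ac, ok);
    int stale = !ac->live;      /* with real heap memory this read is the UAF */
    if (!stale) { ac->status = ret; ctx_release(ac); }
    return stale;
}

int main(void) {
    printf("buggy helper, failing check: stale=%d\n", callback(check_constraints_buggy, 0));
    printf("fixed helper, failing check: stale=%d\n", callback(check_constraints_fixed, 0));
    return 0;
}
```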
Created attachment 15157
Proposed patch for V4.10

CI: https://gitlab.com/samba-team/devel/samba/pipelines/61324416
Please select for 4.10 and 4.9. Removing team-only restriction; while not good, I don't see this as exploitable given the codepath.
Pushed to autobuild-v4-10-test.
(In reply to Karolin Seeger from comment #4) Pushed to v4-10-test, pushed to autobuild-v4-9-test (was confused by the patch name that indicates 4.10 only).
(In reply to Karolin Seeger from comment #5) Pushed to both branches. Closing out bug report. Thanks!