Created attachment 16614 [details]
I am trying to run a wbinfo -g on an AD memberserver in an AD with more the 100.000 groups and it shows no output
The samba logs shows
[2021/05/17 14:21:49.826967, 1] ../../librpc/ndr/ndr.c:632(_ndr_pull_error)
ndr_pull_array_size: ndr_pull_error(Range Error): More than 65535 NDR tokens stored for array_size at ../../librpc/ndr/ndr.c:1093
the wbinfo -g is still working with samba-4.10 on CentOS-7.
I am wondering it thhe following change
* This value is arbitary, but designed to reduce the memory a client
* can allocate and the work the client can force in processing a
* malicious packet.
* In an ideal world this would be controlled by range() restrictions
* on array sizes and careful IDL construction to avoid arbitary
* linked lists, but this is a backstop for now.
#define NDR_TOKEN_MAX_LIST_SIZE 65535
Increasing this value solves the problem
Created attachment 16615 [details]
full gdb backtrace (4.12.3)
Created attachment 16620 [details]
Yes, this is a regression from the DoS mitigation efforts in 7a0ed44b0e65e742a778915d493e17f04c43b2ef
This bug was referenced in samba master:
seems to be fixed, closing bug accordingly. Andrew, please cross-check!
Yes, that should be fixed now.