Created attachment 16614
gdb trace

I am trying to run a wbinfo -g on an AD member server in an AD with more than 100.000 groups and it shows no output.

The samba logs show:

    list_groups XXX
    [2021/05/17 14:21:49.826967, 1] ../../librpc/ndr/ndr.c:632(_ndr_pull_error)
      ndr_pull_array_size: ndr_pull_error(Range Error): More than 65535 NDR tokens stored for array_size at ../../librpc/ndr/ndr.c:1093

The wbinfo -g is still working with samba-4.10 on CentOS-7.

I am wondering if the following change
https://github.com/samba-team/samba/commit/7a0ed44b0e65e742a778915d493e17f04c43b2ef#diff-6a1478caa948ca1d186a648c470ded02699da3705181b633232d582a7c73576d

    /*
     * This value is arbitary, but designed to reduce the memory a client
     * can allocate and the work the client can force in processing a
     * malicious packet.
     *
     * In an ideal world this would be controlled by range() restrictions
     * on array sizes and careful IDL construction to avoid arbitary
     * linked lists, but this is a backstop for now.
     */
    #define NDR_TOKEN_MAX_LIST_SIZE 65535

Increasing this value solves the problem
Created attachment 16615
full gdb backtrace (4.12.3)

Created attachment 16620
full_gdb_backtrace_with_patched_winbind.idl
Yes, this is a regression from the DoS mitigation efforts in 7a0ed44b0e65e742a778915d493e17f04c43b2ef
This bug was referenced in samba master: e583140e81bce9853ccb86370a2143c8b27b4984 0cc4478070b9c980d653adf31647dd541cf4be22 c35f4180a44eb3caecad0f2daab46574bc52be83 40aabcb5cf76ff076e04bff00f4ff0b4374f2354 139cca7c206efc6c6e9a93fd4045285f25117414 a7d4f93cfdee0a2005be11880f8dd31f55149369 3bc680c1e38bef75d5b212992e15f094c523923b
seems to be fixed, closing bug accordingly. Andrew, please cross-check!
Yes, that should be fixed now.
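
An added example, not Samba's code and not taken from this report: a simplified C model of a capped token list, showing why a reply that needs more than 65535 stored array sizes stops with a range error under the cap quoted in the first comment, and how the live count stays small when each token is dropped once it has been read. The names token_store, token_take and pull_names, the one-token-per-name layout and the drop-after-read variant are assumptions of this sketch; the page does not say what the referenced commits change.

```c
#include <stdint.h>
#include <stdio.h>

#define TOKEN_MAX_LIST_SIZE 65535 /* value of NDR_TOKEN_MAX_LIST_SIZE quoted above */
enum tok_err { TOK_OK, TOK_ERR_RANGE };
struct token { uint32_t key, value; };
struct token_list { struct token tokens[TOKEN_MAX_LIST_SIZE]; uint32_t count; };

/* Remember an array size under 'key'; refuse once the cap is reached. */
static enum tok_err token_store(struct token_list *l, uint32_t key, uint32_t value)
{
    if (l->count >= TOKEN_MAX_LIST_SIZE) return TOK_ERR_RANGE;
    l->tokens[l->count++] = (struct token){ key, value };
    return TOK_OK;
}

/* Read a size back, newest entry first; with 'drop' set, also free its slot. */
static int token_take(struct token_list *l, uint32_t key, uint32_t *value, int drop)
{
    for (uint32_t i = l->count; i > 0; i--) {
        if (l->tokens[i - 1].key != key) continue;
        *value = l->tokens[i - 1].value;
        if (drop) l->tokens[i - 1] = l->tokens[--l->count];
        return 1;
    }
    return 0;
}

/* Parse a constructed reply: one token per name (assumption). Returns names accepted. */
static uint32_t pull_names(uint32_t n_names, int drop, enum tok_err *err)
{
    static struct token_list l; /* about 512 KiB, reused between calls */
    uint32_t done = 0, size = 0;
    l.count = 0;
    *err = TOK_OK;
    for (; done < n_names; done++) {
        *err = token_store(&l, done, 8); /* key: index of the name, size: constructed */
        if (*err != TOK_OK || !token_take(&l, done, &size, drop)) break;
    }
    return done;
}

int main(void)
{
    enum tok_err e;
    for (int drop = 0; drop <= 1; drop++)
        printf("drop=%d: %u of 100000 names parsed\n", drop, (unsigned)pull_names(100000, drop, &e));
    return 0;
}
```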