Bug 14923 - Segmentation fault when joining the domain
Summary: Segmentation fault when joining the domain
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services
Version: 4.15.2
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Jule Anger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-12-03 11:59 UTC by Ralph Böhme
Modified: 2021-12-15 14:55 UTC

Attachments
Patch for 4.14 and 4.15 cherry-picked from master (1.20 KB, patch)
2021-12-07 17:07 UTC, Ralph Böhme
metze: review+
asn: review+

Description Ralph Böhme 2021-12-03 11:59:28 UTC
This is a fix for a crash in net ads join caused by failed DNS address lookup.

Have patch, need bugnumber.

ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
==10771== Invalid read of size 16
==10771==    at 0x6FD33ED: sockaddr_storage_to_samba_sockaddr (util_net.c:1081)
==10771==    by 0x812F962: discover_dc_dns (dsgetdcname.c:604)
==10771==    by 0x81310A2: dsgetdcname_rediscover (dsgetdcname.c:1028)
==10771==    by 0x81310A2: dsgetdcname_internal (dsgetdcname.c:1126)
==10771==    by 0x81303F9: dsgetdcname (dsgetdcname.c:1182)
==10771==    by 0x8AE371E: libnet_DomainJoin (libnet_join.c:2628)
==10771==    by 0x8AE371E: libnet_Join (libnet_join.c:2837)
==10771==    by 0x13F709: net_ads_join (net_ads.c:1966)
==10771==    by 0x1824B7: net_run_function (net_util.c:587)
==10771==    by 0x14755D: net_ads (net_ads.c:4070)
==10771==    by 0x1824B7: net_run_function (net_util.c:587)
==10771==    by 0x13DC4F: main (net.c:1422)
==10771==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==10771==
==10771==
==10771== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==10771==  Access not within mapped region at address 0x0
==10771==    at 0x6FD33ED: sockaddr_storage_to_samba_sockaddr (util_net.c:1081)
==10771==    by 0x812F962: discover_dc_dns (dsgetdcname.c:604)
==10771==    by 0x81310A2: dsgetdcname_rediscover (dsgetdcname.c:1028)
==10771==    by 0x81310A2: dsgetdcname_internal (dsgetdcname.c:1126)
==10771==    by 0x81303F9: dsgetdcname (dsgetdcname.c:1182)
==10771==    by 0x8AE371E: libnet_DomainJoin (libnet_join.c:2628)
==10771==    by 0x8AE371E: libnet_Join (libnet_join.c:2837)
==10771==    by 0x13F709: net_ads_join (net_ads.c:1966)
==10771==    by 0x1824B7: net_run_function (net_util.c:587)
==10771==    by 0x14755D: net_ads (net_ads.c:4070)
==10771==    by 0x1824B7: net_run_function (net_util.c:587)
==10771==    by 0x13DC4F: main (net.c:1422)
==10771==  If you believe this happened as a result of a stack
==10771==  overflow in your program's main thread (unlikely but
==10771==  possible), you can try to increase the size of the
==10771==  main thread stack using the --main-stacksize= flag.
==10771==  The main thread stack size used in this run was 8388608.
Comment 1 Samba QA Contact 2021-12-03 12:55:04 UTC
This bug was referenced in samba master:

5e3df5f9ee64a80898f73585b19113354f463c44
Comment 2 Ralph Böhme 2021-12-07 17:07:05 UTC
Created attachment 17051
Patch for 4.14 and 4.15 cherry-picked from master
Comment 3 Stefan Metzmacher 2021-12-08 09:33:58 UTC
Pushed to autobuild-v4-{15,14}-test
Comment 4 Samba QA Contact 2021-12-08 10:55:42 UTC
This bug was referenced in samba v4-15-test:

5e846fcf74edb883e8aa7756ee51ef8bfbfb6026
Comment 5 Samba QA Contact 2021-12-08 14:55:32 UTC
This bug was referenced in samba v4-14-test:

3d35397e10348317ab2adbaf033c5becf59fcc33
Comment 6 Samba QA Contact 2021-12-08 14:57:40 UTC
This bug was referenced in samba v4-15-stable (Release samba-4.15.3):

5e846fcf74edb883e8aa7756ee51ef8bfbfb6026
Comment 7 Samba QA Contact 2021-12-15 14:55:35 UTC
This bug was referenced in samba v4-14-stable (Release samba-4.14.11):

3d35397e10348317ab2adbaf033c5becf59fcc33