Bug 14923 - Segmentation fault when joining the domain
Summary: Segmentation fault when joining the domain
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services (show other bugs)
Version: 4.15.2
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Jule Anger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-12-03 11:59 UTC by Ralph Böhme
Modified: 2021-12-15 14:55 UTC (History)
2 users (show)

See Also:

Attachments
Patch for 4.14 and 4.15 cherry-picked from master (1.20 KB, patch)
2021-12-07 17:07 UTC, Ralph Böhme 		metze: review+
asn: review+
Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Ralph Böhme 2021-12-03 11:59:28 UTC 
This is a fix for a crash in net ads join caused by failed DNS address lookup.

Have patch, need bugnumber.

ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
==10771== Invalid read of size 16
==10771==    at 0x6FD33ED: sockaddr_storage_to_samba_sockaddr (util_net.c:1081)
==10771==    by 0x812F962: discover_dc_dns (dsgetdcname.c:604)
==10771==    by 0x81310A2: dsgetdcname_rediscover (dsgetdcname.c:1028)
==10771==    by 0x81310A2: dsgetdcname_internal (dsgetdcname.c:1126)
==10771==    by 0x81303F9: dsgetdcname (dsgetdcname.c:1182)
==10771==    by 0x8AE371E: libnet_DomainJoin (libnet_join.c:2628)
==10771==    by 0x8AE371E: libnet_Join (libnet_join.c:2837)
==10771==    by 0x13F709: net_ads_join (net_ads.c:1966)
==10771==    by 0x1824B7: net_run_function (net_util.c:587)
==10771==    by 0x14755D: net_ads (net_ads.c:4070)
==10771==    by 0x1824B7: net_run_function (net_util.c:587)
==10771==    by 0x13DC4F: main (net.c:1422)
==10771==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==10771==
==10771==
==10771== Process terminating with default action of signal 11 (SIGSEGV): dumping
core
==10771==  Access not within mapped region at address 0x0
==10771==    at 0x6FD33ED: sockaddr_storage_to_samba_sockaddr (util_net.c:1081)
==10771==    by 0x812F962: discover_dc_dns (dsgetdcname.c:604)
==10771==    by 0x81310A2: dsgetdcname_rediscover (dsgetdcname.c:1028)
==10771==    by 0x81310A2: dsgetdcname_internal (dsgetdcname.c:1126)
==10771==    by 0x81303F9: dsgetdcname (dsgetdcname.c:1182)
==10771==    by 0x8AE371E: libnet_DomainJoin (libnet_join.c:2628)
==10771==    by 0x8AE371E: libnet_Join (libnet_join.c:2837)
==10771==    by 0x13F709: net_ads_join (net_ads.c:1966)
==10771==    by 0x1824B7: net_run_function (net_util.c:587)
==10771==    by 0x14755D: net_ads (net_ads.c:4070)
==10771==    by 0x1824B7: net_run_function (net_util.c:587)
==10771==    by 0x13DC4F: main (net.c:1422)
==10771==  If you believe this happened as a result of a stack
==10771==  overflow in your program's main thread (unlikely but
==10771==  possible), you can try to increase the size of the
==10771==  main thread stack using the --main-stacksize= flag.
==10771==  The main thread stack size used in this run was 8388608.
Comment 1 Samba QA Contact 2021-12-03 12:55:04 UTC 
This bug was referenced in samba master:

5e3df5f9ee64a80898f73585b19113354f463c44
Comment 2 Ralph Böhme 2021-12-07 17:07:05 UTC 
Created attachment 17051 [details]
Patch for 4.14 and 4.15 cherry-picked from master
Comment 3 Stefan Metzmacher 2021-12-08 09:33:58 UTC 
Pushed to autobuild-v4-{15,14}-test
Comment 4 Samba QA Contact 2021-12-08 10:55:42 UTC 
This bug was referenced in samba v4-15-test:

5e846fcf74edb883e8aa7756ee51ef8bfbfb6026
Comment 5 Samba QA Contact 2021-12-08 14:55:32 UTC 
This bug was referenced in samba v4-14-test:

3d35397e10348317ab2adbaf033c5becf59fcc33
Comment 6 Samba QA Contact 2021-12-08 14:57:40 UTC 
This bug was referenced in samba v4-15-stable (Release samba-4.15.3):

5e846fcf74edb883e8aa7756ee51ef8bfbfb6026
Comment 7 Samba QA Contact 2021-12-15 14:55:35 UTC 
This bug was referenced in samba v4-14-stable (Release samba-4.14.11):

3d35397e10348317ab2adbaf033c5becf59fcc33