15300 – client might cause (Samba AD DC) Heimdal KDC to strchr() beyond the end of a string

Bug 15300 - client might cause (Samba AD DC) Heimdal KDC to strchr() beyond the end of a string

Summary: client might cause (Samba AD DC) Heimdal KDC to strchr() beyond the end of a ...

Status:	RESOLVED WONTFIX

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	AD: LDB/DSDB/SAMDB (show other bugs)
Version:	4.18.0rc2
Hardware:	All All

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	Samba QA Contact
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2023-02-07 04:10 UTC by Andrew Bartlett
Modified:	2023-08-02 21:17 UTC (History)
CC List:	0 users

See Also:	https://github.com/heimdal/heimdal/issues/1057

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andrew Bartlett 2023-02-07 04:10:29 UTC

An un-authenticated NULL pointer de-reference can be triggered in the Heimdal KDC.

Samba's KDC should auto-restart, but this still needs to be fixed and backported.

Comment 1 Andrew Bartlett 2023-02-07 04:12:26 UTC

Upstream fix: 
https://github.com/heimdal/heimdal/commit/2e7d996ea9e698b4edcbf9c5cf22a36e26ae3de5

Comment 2 Andrew Bartlett 2023-02-07 04:24:16 UTC

At least for this particular codepath, perhaps due to how Samba as an AD DC handles referrals, I can't reproduce this issue.

Comment 3 Andrew Bartlett 2023-08-02 21:17:57 UTC

Marking as WONTFIX, but we will have imported this commit for Samba 4.19 in any case with the Heimdal updates.