Bug 15433 - cm_prepare_connection() calls close(fd) for the second time.
Summary: cm_prepare_connection() calls close(fd) for the second time.
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Winbind (show other bugs)
Version: 4.18.0
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Jule Anger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-07-25 09:16 UTC by Pavel Filipenský
Modified: 2023-08-16 16:57 UTC (History)
1 user (show)

See Also:


Attachments
4.18 patch (1.87 KB, patch)
2023-07-25 13:01 UTC, Pavel Filipenský
slow: review-
Details
4.18 patch with cherry-pick tag (1.94 KB, patch)
2023-07-25 15:28 UTC, Pavel Filipenský
slow: review+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Pavel Filipenský 2023-07-25 09:16:36 UTC
Red Hat internal coverity reports:

source3/winbindd/winbindd_cm.c:1747: closed_arg: "cm_prepare_connection(struct winbindd_domain *, int const, char const *, struct cli_state **, _Bool *)" closes "fd".

source3/winbindd/winbindd_cm.c:1752: double_close: Calling "close(int)" closes handle "fd" which has already been closed.

#  1750|   			break;
#  1751|   		}
#  1752|-> 		close(fd);
#  1753|   		fd = -1;
#  1754|   		if (!retry) {

====

Fix will follow.
Comment 1 Samba QA Contact 2023-07-25 12:09:03 UTC
This bug was referenced in samba master:

dd998cc163358edd6c748e40900247877f91eb1f
Comment 2 Pavel Filipenský 2023-07-25 13:01:51 UTC
Created attachment 17999 [details]
4.18 patch
Comment 3 Ralph Böhme 2023-07-25 13:21:38 UTC
Comment on attachment 17999 [details]
4.18 patch

Misses cherry-picked tag...
Comment 4 Pavel Filipenský 2023-07-25 15:28:43 UTC
Created attachment 18000 [details]
4.18 patch with cherry-pick tag
Comment 5 Ralph Böhme 2023-07-25 16:09:10 UTC
Is this bug only present in 4.18, or does is also apply to 4.17?
Comment 6 Pavel Filipenský 2023-07-26 08:12:09 UTC
The bug (double close) is present also in 4.17. Samba 4.17 has one extra issue with not calling close in cm_open_connection() at line 1710:

https://gitlab.com/samba-team/samba/-/blob/v4-17-test/source3/winbindd/winbindd_cm.c?ref_type=heads#L1710

Do we want to fix 4.17? Cherry pick is not possible, but the manual fix is not difficult for both issues.
Comment 7 Ralph Böhme 2023-07-26 08:17:40 UTC
You decide. :) I'm ok with keeping it unfixed in 4.17.
Comment 8 Pavel Filipenský 2023-07-26 11:23:40 UTC
Backporting to 4.18 is enough for me.
Comment 9 Ralph Böhme 2023-07-26 12:50:34 UTC
Reassigning to Jule for inclusion in 4.18.
Comment 10 Samba QA Contact 2023-07-28 12:15:09 UTC
This bug was referenced in samba v4-19-test:

dd998cc163358edd6c748e40900247877f91eb1f
Comment 11 Samba QA Contact 2023-07-28 12:17:43 UTC
This bug was referenced in samba v4-19-stable (Release samba-4.19.0rc1):

dd998cc163358edd6c748e40900247877f91eb1f
Comment 12 Jule Anger 2023-07-28 12:41:42 UTC
Pushed to autobuild-v4-18-test.
Comment 13 Samba QA Contact 2023-07-28 13:38:04 UTC
This bug was referenced in samba v4-18-test:

c1c2a0ec80d65e663f4cd6ed144f77b75d0edea7
Comment 14 Jule Anger 2023-07-28 13:55:58 UTC
Closing out bug report.

Thanks!
Comment 15 Samba QA Contact 2023-08-16 16:57:24 UTC
This bug was referenced in samba v4-18-stable (Release samba-4.18.6):

c1c2a0ec80d65e663f4cd6ed144f77b75d0edea7