Bug 15433 - cm_prepare_connection() calls close(fd) for the second time.
Summary: cm_prepare_connection() calls close(fd) for the second time.
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Winbind (show other bugs)
Version: 4.18.0
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Jule Anger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-07-25 09:16 UTC by Pavel Filipenský
Modified: 2023-08-16 16:57 UTC (History)
1 user (show)

See Also:

Attachments
4.18 patch (1.87 KB, patch)
2023-07-25 13:01 UTC, Pavel Filipenský 		slow: review-
Details
4.18 patch with cherry-pick tag (1.94 KB, patch)
2023-07-25 15:28 UTC, Pavel Filipenský 		slow: review+
Details
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Pavel Filipenský 2023-07-25 09:16:36 UTC 
Red Hat internal coverity reports:

source3/winbindd/winbindd_cm.c:1747: closed_arg: "cm_prepare_connection(struct winbindd_domain *, int const, char const *, struct cli_state **, _Bool *)" closes "fd".

source3/winbindd/winbindd_cm.c:1752: double_close: Calling "close(int)" closes handle "fd" which has already been closed.

#  1750|   			break;
#  1751|   		}
#  1752|-> 		close(fd);
#  1753|   		fd = -1;
#  1754|   		if (!retry) {

====

Fix will follow.
Comment 1 Samba QA Contact 2023-07-25 12:09:03 UTC 
This bug was referenced in samba master:

dd998cc163358edd6c748e40900247877f91eb1f
Comment 2 Pavel Filipenský 2023-07-25 13:01:51 UTC 
Created attachment 17999 [details]
4.18 patch
Comment 3 Ralph Böhme 2023-07-25 13:21:38 UTC 
Comment on attachment 17999 [details]
4.18 patch

Misses cherry-picked tag...
Comment 4 Pavel Filipenský 2023-07-25 15:28:43 UTC 
Created attachment 18000 [details]
4.18 patch with cherry-pick tag
Comment 5 Ralph Böhme 2023-07-25 16:09:10 UTC 
Is this bug only present in 4.18, or does is also apply to 4.17?
Comment 6 Pavel Filipenský 2023-07-26 08:12:09 UTC 
The bug (double close) is present also in 4.17. Samba 4.17 has one extra issue with not calling close in cm_open_connection() at line 1710:

https://gitlab.com/samba-team/samba/-/blob/v4-17-test/source3/winbindd/winbindd_cm.c?ref_type=heads#L1710

Do we want to fix 4.17? Cherry pick is not possible, but the manual fix is not difficult for both issues.
Comment 7 Ralph Böhme 2023-07-26 08:17:40 UTC 
You decide. :) I'm ok with keeping it unfixed in 4.17.
Comment 8 Pavel Filipenský 2023-07-26 11:23:40 UTC 
Backporting to 4.18 is enough for me.
Comment 9 Ralph Böhme 2023-07-26 12:50:34 UTC 
Reassigning to Jule for inclusion in 4.18.
Comment 10 Samba QA Contact 2023-07-28 12:15:09 UTC 
This bug was referenced in samba v4-19-test:

dd998cc163358edd6c748e40900247877f91eb1f
Comment 11 Samba QA Contact 2023-07-28 12:17:43 UTC 
This bug was referenced in samba v4-19-stable (Release samba-4.19.0rc1):

dd998cc163358edd6c748e40900247877f91eb1f
Comment 12 Jule Anger 2023-07-28 12:41:42 UTC 
Pushed to autobuild-v4-18-test.
Comment 13 Samba QA Contact 2023-07-28 13:38:04 UTC 
This bug was referenced in samba v4-18-test:

c1c2a0ec80d65e663f4cd6ed144f77b75d0edea7
Comment 14 Jule Anger 2023-07-28 13:55:58 UTC 
Closing out bug report.

Thanks!
Comment 15 Samba QA Contact 2023-08-16 16:57:24 UTC 
This bug was referenced in samba v4-18-stable (Release samba-4.18.6):

c1c2a0ec80d65e663f4cd6ed144f77b75d0edea7