Created attachment 7134: Patch for the crash bug for 3.6.1
When dns_create_update() fails, it does not initialize *req, and then TALLOC_FREE(req) in the error handling crashes if we're lucky.
Running net ads join where the domain name contained the '_' character (which violates RFC1034), it aborted with "Bad talloc magic value - unknown value". Applied this patch to 3.6.0 and it resolved the problem. The DNS update fails as expected.
Created attachment 7138: Raw patch for 3.6.x.
I think this is an easier fix. We shouldn't have uninitialized variables on the stack here. Can you confirm it fixes the problem, then we'll get it into 3.6.2? Thanks! Jeremy.
In my opinion the original patch is more consistent with how memory allocation is handled by other functions in this file, e.g. dns_create_update_request, dns_create_tsig_record, dns_unmarshall_tkey_record, etc. Kai and I discussed this alternative on IRC initially. Arguably initializing these stack variables might aid debugging in future; in that case it ought to be applied to the entire file, as well as the change in the original patch.
Created attachment 7139: Improved raw patch for 3.6.x
You're right - this needs to be done on all possible error paths for functions in this file. I prefer this fix (and it's similar to what has been added in master). Jeremy.
Comment on attachment 7139: Improved raw patch for 3.6.x
Looks good
Karolin, please pick for the release
Pushed to v3-6-test. Closing out bug report. Thanks!
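The failure mode discussed in this report, as an added example that is not Samba's code or any of the attached patches: a creator function that leaves its out-parameter untouched on failure, followed by cleanup that frees it, next to the two defensive options raised in the thread (define the out-parameter on every path, and initialize the caller's local to NULL). The toy magic-checked allocator stands in for talloc; all function names, the magic value and the '_' failure condition are assumptions made for the illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Toy stand-in for talloc: each allocation carries a header with a magic value. */
#define CHUNK_MAGIC ((size_t)0xC0FFEE)          /* constructed value */
struct chunk { size_t magic; };
struct update_req { char zone[64]; };           /* hypothetical request type */
enum { UPDATE_OK, CLEANUP_OK, CLEANUP_BAD_POINTER };

static void *chunk_alloc(size_t n) {
    struct chunk *c = calloc(1, sizeof(*c) + n);
    if (c != NULL) c->magic = CHUNK_MAGIC;
    return c != NULL ? c + 1 : NULL;
}

/* Returns -1 where talloc would abort with "Bad talloc magic value". */
static int chunk_free(void *p) {
    if (p == NULL) return 0;
    struct chunk *c = (struct chunk *)p - 1;
    if (c->magic != CHUNK_MAGIC) return -1;
    c->magic = 0;
    free(c);
    return 0;
}

/* Before: on failure the out-parameter keeps whatever the caller had in it. */
static int create_update_unsafe(const char *zone, struct update_req **preq) {
    if (strchr(zone, '_') != NULL) return -1;   /* constructed failure condition */
    *preq = chunk_alloc(sizeof(**preq));
    if (*preq == NULL) return -1;
    strncpy((*preq)->zone, zone, sizeof((*preq)->zone) - 1);
    return 0;
}

/* After: the out-parameter is defined on every path, including errors. */
static int create_update_safe(const char *zone, struct update_req **preq) {
    *preq = NULL;
    return create_update_unsafe(zone, preq);
}

/* stack_value models the caller's local before the call (NULL = initialized). */
static int do_update(int (*create)(const char *, struct update_req **),
                     const char *zone, struct update_req *stack_value) {
    struct update_req *req = stack_value;
    if (create(zone, &req) != 0)                /* error path frees req */
        return chunk_free(req) == 0 ? CLEANUP_OK : CLEANUP_BAD_POINTER;
    chunk_free(req);
    return UPDATE_OK;
}

/* Constructed stale pointer: readable memory with no valid header before it. */
static size_t junk[4];
static struct update_req *stale_pointer(void) { return (struct update_req *)&junk[2]; }
```

Either defence alone makes the error path safe here; applying both means a future caller or callee that forgets one of them still cleans up correctly.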