Bug 9001 - SEGV in ntp_signd line 194
Status: RESOLVED FIXED
Product: Samba 4.0
Classification: Unclassified
Component: Other
Version: 4.0 alpha 18
Hardware/OS: All / All
Priority/Severity: P5 normal
Assigned To: Andrew Bartlett
QA Contact: samba4-qa@samba.org
Depends on:
Blocks: 8622
Reported: 2012-06-18 09:38 UTC by Arvid Requate
Modified: 2012-08-23 00:51 UTC
Attachments
Return on error seems to be missing a couple of lines earlier, see suggested patch. (625 bytes, patch), 2012-06-18 09:40 UTC, Arvid Requate
git format-patch (1.04 KB, patch), 2012-08-14 12:19 UTC, Arvid Requate

Description Arvid Requate 2012-06-18 09:38:45 UTC
With ntp signing enabled we experienced a SEGV of ntp_signd in
source4/ntp_signd/ntp_signd.c:+194

gdb traceback and code show the following line as triggering the fault:
============================================================================
        user_account_control = ldb_msg_find_attr_as_uint(res->msgs[0],
                                                         "userAccountControl",
                                                         0);
============================================================================

(gdb) print res
$1 = (struct ldb_result *) 0xa977930
(gdb) print res->msgs[0]
Cannot access memory at address 0x0
(gdb) print res->msgs
$2 = (struct ldb_message **) 0x0
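An added example, not code from the report, from Samba, or from the committed fix: a guarded version of the lookup the trace points at. It treats a failed search, an empty result (msgs == NULL, as in the gdb output) and, going one step beyond the report, an ambiguous multi-object match as errors before touching msgs[0]. The ldb types are constructed stand-ins and `uac_from_result` is a hypothetical name.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins for the ldb types seen in the trace; not the real
 * ldb headers. Only the fields this example needs are modelled. */
struct ldb_message {
    unsigned int user_account_control;
};
struct ldb_result {
    unsigned int count;         /* number of matched objects */
    struct ldb_message **msgs;  /* NULL when nothing matched, as in the gdb output */
};

#define LDB_SUCCESS 0

/*
 * Read userAccountControl from a machine-account lookup result.
 * Returns 0 and sets *uac on success; -1 if the search failed, matched
 * no object (the crash case: res->msgs == NULL) or matched more than one.
 * The unchecked original indexed res->msgs[0] directly.
 */
int uac_from_result(int ret, const struct ldb_result *res, unsigned int *uac)
{
    if (ret != LDB_SUCCESS) {
        return -1;              /* ldb error: do not touch res at all */
    }
    if (res == NULL || res->count != 1 || res->msgs == NULL || res->msgs[0] == NULL) {
        return -1;              /* no, or ambiguous, machine account object */
    }
    *uac = res->msgs[0]->user_account_control;
    return 0;
}

int main(void)
{
    struct ldb_message acct = { 0x1000 };          /* constructed sample object */
    struct ldb_message *one[] = { &acct };
    struct ldb_result found = { 1, one };
    struct ldb_result empty = { 0, NULL };         /* the broken-object case */
    unsigned int uac = 0;
    int rc;

    rc = uac_from_result(LDB_SUCCESS, &found, &uac);
    printf("found: rc=%d uac=0x%x\n", rc, uac);
    rc = uac_from_result(LDB_SUCCESS, &empty, &uac);
    printf("empty: rc=%d\n", rc);
    return 0;
}
```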
Comment 1 Arvid Requate 2012-06-18 09:40:43 UTC
Created attachment 7656 [details]
Return on error seems to be missing a couple of lines earlier, see suggested patch.
Comment 2 Arvid Requate 2012-08-14 09:59:00 UTC
Some context info: This code path probably is really rarely used, as the cause was a broken machine account object, which was lacking *any* object class at all and thus also the required attributes. May be caused by some rare replication issue, as it only occurred on one (replicating) DC out of three (total).

The patch fixes a possible segfault in this case anyway and the increased debug level really helped to track down the broken object efficiently.
Comment 3 Andrew Bartlett 2012-08-14 10:02:44 UTC
any chance of getting this as a git format-patch?

(very happy to apply it then)
Comment 4 Arvid Requate 2012-08-14 12:19:37 UTC
Created attachment 7773 [details]
git format-patch
Comment 5 Andrew Bartlett 2012-08-23 00:51:19 UTC
Fixed with a74ca56c482257f79eb6f966fc490657a0d6407b