1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00

s3:libads: avoid changing ADS->server.workgroup

ads_find_dc() uses c_domain = ads->server.workgroup and
don't expect it to get out of scope deep in resolve_and_ping_dns().

The result are corrupted domain values in the debug output.

Valgrind shows this:

 Invalid read of size 1
    at 0x483EF46: strlen (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
    by 0x608BE94: __vfprintf_internal (vfprintf-internal.c:1688)
    by 0x609ED49: __vasprintf_internal (vasprintf.c:57)
    by 0x5D2EC0F: __dbgtext_va (debug.c:1860)
    by 0x5D2ED3F: dbgtext (debug.c:1881)
    by 0x4BFFB50: ads_find_dc (ldap.c:570)
    by 0x4C001F4: ads_connect (ldap.c:704)
    by 0x4C1DC12: ads_dc_name (namequery_dc.c:84)
  Address 0xb69f6f0 is 0 bytes inside a block of size 11 free'd
    at 0x483CA3F: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
    by 0x4BFF0AF: ads_try_connect (ldap.c:299)
    by 0x4BFF40E: cldap_ping_list (ldap.c:367)
    by 0x4BFF75F: resolve_and_ping_dns (ldap.c:468)
    by 0x4BFFA91: ads_find_dc (ldap.c:556)
    by 0x4C001F4: ads_connect (ldap.c:704)
    by 0x4C1DC12: ads_dc_name (namequery_dc.c:84)
  Block was alloc'd at
    at 0x483B7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
    by 0x60B250E: strdup (strdup.c:42)
    by 0x4FF1492: smb_xstrdup (util.c:743)
    by 0x4C10E62: ads_init (ads_struct.c:148)
    by 0x4C1DB68: ads_dc_name (namequery_dc.c:73)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14981

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit ca859e55d2)
This commit is contained in:
Stefan Metzmacher 2021-10-15 03:34:11 +02:00
parent ba361b11d2
commit 4257e3b8fe
3 changed files with 15 additions and 8 deletions

View File

@ -275,12 +275,12 @@ static bool ads_fill_cldap_reply(ADS_STRUCT *ads,
/* Fill in the ads->config values */
ADS_TALLOC_CONST_FREE(ads->config.workgroup);
ADS_TALLOC_CONST_FREE(ads->config.realm);
ADS_TALLOC_CONST_FREE(ads->config.bind_path);
ADS_TALLOC_CONST_FREE(ads->config.ldap_server_name);
ADS_TALLOC_CONST_FREE(ads->config.server_site_name);
ADS_TALLOC_CONST_FREE(ads->config.client_site_name);
ADS_TALLOC_CONST_FREE(ads->server.workgroup);
if (!check_cldap_reply_required_flags(cldap_reply->server_type,
ads->config.flags)) {
@ -296,6 +296,13 @@ static bool ads_fill_cldap_reply(ADS_STRUCT *ads,
goto out;
}
ads->config.workgroup = talloc_strdup(ads, cldap_reply->domain_name);
if (ads->config.workgroup == NULL) {
DBG_WARNING("Out of memory\n");
ret = false;
goto out;
}
ads->config.realm = talloc_asprintf_strupper_m(ads,
"%s",
cldap_reply->dns_domain);
@ -334,13 +341,6 @@ static bool ads_fill_cldap_reply(ADS_STRUCT *ads,
}
}
ads->server.workgroup = talloc_strdup(ads, cldap_reply->domain_name);
if (ads->server.workgroup == NULL) {
DBG_WARNING("Out of memory\n");
ret = false;
goto out;
}
ads->ldap.port = gc ? LDAP_GC_PORT : LDAP_PORT;
ads->ldap.ss = *ss;

View File

@ -59,6 +59,7 @@ interface ads
typedef [nopull,nopush] struct {
nbt_server_type flags; /* cldap flags identifying the services. */
string workgroup;
string realm;
string bind_path;
string ldap_server_name;

View File

@ -521,6 +521,11 @@ static int net_ads_info_json(ADS_STRUCT *ads)
goto failure;
}
ret = json_add_string (&jsobj, "Workgroup", ads->config.workgroup);
if (ret != 0) {
goto failure;
}
ret = json_add_string (&jsobj, "Realm", ads->config.realm);
if (ret != 0) {
goto failure;
@ -627,6 +632,7 @@ static int net_ads_info(struct net_context *c, int argc, const char **argv)
d_printf(_("LDAP server: %s\n"), addr);
d_printf(_("LDAP server name: %s\n"), ads->config.ldap_server_name);
d_printf(_("Workgroup: %s\n"), ads->config.workgroup);
d_printf(_("Realm: %s\n"), ads->config.realm);
d_printf(_("Bind Path: %s\n"), ads->config.bind_path);
d_printf(_("LDAP port: %d\n"), ads->ldap.port);