sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-06 13:18:07 +03:00
Code
bd53e20764
samba-mirror/source4/dsdb/gmsa
History
Andreas Schneider c5a1c8d45b s4:dsdb: Fix stack use after scope in gkdi_create_root_key() 
==20978==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7f4f91ff51a0 at pc 0x7f4f94cf93d6 bp 0x7ffdb90fc510 sp 0x7ffdb90fbcd0
READ of size 64 at 0x7f4f91ff51a0 thread T0
    #0 0x7f4f94cf93d5 in memcpy ../../../../libsanitizer/sanitizer_common/sanitizer_common_interceptors_memintrinsics.inc:115
    #1 0x7f4f933bdb67 in ldb_val_dup ../../lib/ldb/common/ldb_msg.c:325
    #2 0x7f4f933c11d1 in ldb_msg_copy ../../lib/ldb/common/ldb_msg.c:1182
    #3 0x7f4f933c13d2 in ldb_msg_normalize ../../lib/ldb/common/ldb_msg.c:1235
    #4 0x7f4f933ab556 in ldb_request ../../lib/ldb/common/ldb.c:1196
    #5 0x7f4f8e82b1d4 in dsdb_autotransaction_request ../../source4/dsdb/common/util.c:1220
    #6 0x7f4f8e831c8a in dsdb_add ../../source4/dsdb/common/util.c:5354
    #7 0x7f4f8e853a01 in gkdi_create_root_key ../../source4/dsdb/gmsa/gkdi.c:493
    #8 0x7f4f8e853a01 in gkdi_new_root_key ../../source4/dsdb/gmsa/gkdi.c:551
    #9 0x7f4f8cd4ca52 in py_dsdb_create_gkdi_root_key ../../source4/dsdb/pydsdb.c:1388
    #10 0x7f4f947ce01c  (/lib64/libpython3.11.so.1.0+0x1ce01c) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #11 0x7f4f947de4c0 in _PyObject_Call (/lib64/libpython3.11.so.1.0+0x1de4c0) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #12 0x7f4f947be6ca in _PyEval_EvalFrameDefault (/lib64/libpython3.11.so.1.0+0x1be6ca) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #13 0x7f4f947b6e79  (/lib64/libpython3.11.so.1.0+0x1b6e79) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #14 0x7f4f947de5d8  (/lib64/libpython3.11.so.1.0+0x1de5d8) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #15 0x7f4f947be6ca in _PyEval_EvalFrameDefault (/lib64/libpython3.11.so.1.0+0x1be6ca) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #16 0x7f4f947b6e79  (/lib64/libpython3.11.so.1.0+0x1b6e79) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #17 0x7f4f947edabb  (/lib64/libpython3.11.so.1.0+0x1edabb) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #18 0x7f4f947de5d8  (/lib64/libpython3.11.so.1.0+0x1de5d8) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #19 0x7f4f947be6ca in _PyEval_EvalFrameDefault (/lib64/libpython3.11.so.1.0+0x1be6ca) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #20 0x7f4f947b6e79  (/lib64/libpython3.11.so.1.0+0x1b6e79) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #21 0x7f4f947ed9fb  (/lib64/libpython3.11.so.1.0+0x1ed9fb) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #22 0x7f4f947be6ca in _PyEval_EvalFrameDefault (/lib64/libpython3.11.so.1.0+0x1be6ca) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #23 0x7f4f947b6e79  (/lib64/libpython3.11.so.1.0+0x1b6e79) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #24 0x7f4f947be6ca in _PyEval_EvalFrameDefault (/lib64/libpython3.11.so.1.0+0x1be6ca) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #25 0x7f4f947b6e79  (/lib64/libpython3.11.so.1.0+0x1b6e79) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #26 0x7f4f94839997 in PyEval_EvalCode (/lib64/libpython3.11.so.1.0+0x239997) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #27 0x7f4f94856862  (/lib64/libpython3.11.so.1.0+0x256862) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #28 0x7f4f94852e59  (/lib64/libpython3.11.so.1.0+0x252e59) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #29 0x7f4f94868fb1  (/lib64/libpython3.11.so.1.0+0x268fb1) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #30 0x7f4f948687a3 in _PyRun_SimpleFileObject (/lib64/libpython3.11.so.1.0+0x2687a3) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #31 0x7f4f94868453 in _PyRun_AnyFileObject (/lib64/libpython3.11.so.1.0+0x268453) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #32 0x7f4f94861c53 in Py_RunMain (/lib64/libpython3.11.so.1.0+0x261c53) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #33 0x7f4f94829996 in Py_BytesMain (/lib64/libpython3.11.so.1.0+0x229996) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #34 0x7f4f9422a1ef in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #35 0x7f4f9422a2b8 in __libc_start_main_impl ../csu/libc-start.c:360
    #36 0x5604497e3084 in _start (/usr/bin/python3.11+0x1084) (BuildId: f5d6e3bdbf9098a6ddde0b7f2e07ffc9ad1b1dc3)

Address 0x7f4f91ff51a0 is located in stack of thread T0 at offset 416 in frame
    #0 0x7f4f8e852b37 in gkdi_new_root_key ../../source4/dsdb/gmsa/gkdi.c:537

  This frame has 12 object(s):
    [32, 40) 'root_key_dn' (line 539)
    [64, 72) 'res' (line 540)
    [96, 104) 'server_config_res' (line 118)
    [128, 136) 'kdf_algorithm' (line 128)
    [160, 168) 'domain_dn' (line 388)
    [192, 208) 'kdf_parameters_blob' (line 129)
    [224, 240) 'root_key_data_blob' (line 353)
    [256, 272) 'guid_blob' (line 467)
    [288, 312) 'kdf_parameters' (line 226)
    [352, 368) 'root_key_id' (line 116)
    [384, 400) 'guid_buf' (line 466)
    [416, 480) 'root_key_data' (line 352) <== Memory access at offset 416 is inside this variable

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <jsutton@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri May  3 12:20:55 UTC 2024 on atb-devel-224
2024-05-03 12:20:55 +00:00
..
gkdi.c s4:dsdb: Fix stack use after scope in gkdi_create_root_key() 2024-05-03 12:20:55 +00:00
gkdi.h s4:dsdb: Add functions for Group Managed Service Accounts implementation 2024-04-16 03:58:31 +00:00
util.c s4-gmsa: Do not attempt password set on remote LDAP connections 2024-04-21 22:10:36 +00:00
util.h s4:dsdb: Add dsdb_update_gmsa_keys() 2024-04-21 22:10:36 +00:00