samba - Mar 2016 - Segmentation Fault when trying to set root samba password, IPA as a backend

On 01/03/16 21:35, Garming Sam wrote:
> Hi Rowland,
>
> This new segfault seems unrelated to the previous one. It's probably
> something like a double free, which typically shouldn't be that hard to
> fix. If you try running the tool under valgrind, it should provide
> enough information to fix the issue.
>
>
> Cheers,
>
> Garming
>
Who or what is 'valgrind' ?
I know what a 'valvegrinder' is, but I don't think you mean this :-D

Or to put it another way, How?
I am quite prepared to try and get the required info, but somebody else 
is going to have to write the 'C' code.

Rowland

It's basically a memory debugging tool available on Linux. It's a pretty
invaluable tool in diagnosing segfaults (as well as a number of other
memory issues) because it can tell you where you're accessing memory
you're not supposed to.

All you have to do is install the tool for your system and just run
`valgrind <program> <program args>`, basically just putting valgrind
in
front of whatever you were doing before. It will produce some (likely
long) log of its findings, hopefully with all the line numbers from the
source code.

Cheers,

Garming

On 02/03/16 11:11, Rowland penny wrote:
> On 01/03/16 21:35, Garming Sam wrote:
>> Hi Rowland,
>>
>> This new segfault seems unrelated to the previous one. It's
probably
>> something like a double free, which typically shouldn't be that
hard to
>> fix. If you try running the tool under valgrind, it should provide
>> enough information to fix the issue.
>>
>>
>> Cheers,
>>
>> Garming
>>
>
> Who or what is 'valgrind' ?
> I know what a 'valvegrinder' is, but I don't think you mean
this :-D
>
> Or to put it another way, How?
> I am quite prepared to try and get the required info, but somebody
> else is going to have to write the 'C' code.
>
> Rowland
>
>

On Tue, Mar 01, 2016 at 10:11:15PM +0000, Rowland penny
wrote:
> On 01/03/16 21:35, Garming Sam wrote:
> >Hi Rowland,
> >
> >This new segfault seems unrelated to the previous one. It's
probably
> >something like a double free, which typically shouldn't be that
hard to
> >fix. If you try running the tool under valgrind, it should provide
> >enough information to fix the issue.
> >
> >
> >Cheers,
> >
> >Garming
> >
> 
> Who or what is 'valgrind' ?
> I know what a 'valvegrinder' is, but I don't think you mean
this :-D
:-).

Install the valgrind tool from your local repository.
> Or to put it another way, How?
> I am quite prepared to try and get the required info, but somebody
> else is going to have to write the 'C' code.
I'll help :-).

Do:

valgrind bin/smbpasswd <parameters>

and valgrind should print out the source code
line where we mess up.

On 02/03/16 00:44, Jeremy Allison wrote:
> On Tue, Mar 01, 2016 at 10:11:15PM +0000, Rowland penny wrote:
>> On 01/03/16 21:35, Garming Sam wrote:
>>> Hi Rowland,
>>>
>>> This new segfault seems unrelated to the previous one. It's
probably
>>> something like a double free, which typically shouldn't be that
hard to
>>> fix. If you try running the tool under valgrind, it should provide
>>> enough information to fix the issue.
>>>
>>>
>>> Cheers,
>>>
>>> Garming
>>>
>> Who or what is 'valgrind' ?
>> I know what a 'valvegrinder' is, but I don't think you mean
this :-D
> :-).
>
> Install the valgrind tool from your local repository.
>
>> Or to put it another way, How?
>> I am quite prepared to try and get the required info, but somebody
>> else is going to have to write the 'C' code.
> I'll help :-).
>
> Do:
>
> valgrind bin/smbpasswd <parameters>
>
> and valgrind should print out the source code
> line where we mess up.
OK, here is the output:

root at testpdc:~# nano /usr/local/samba/etc/smb.conf
root at testpdc:~# valgrind /usr/local/samba/bin/smbpasswd -a ldap02
==2405== Memcheck, a memory error detector
==2405== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==2405== Using Valgrind-3.10.0 and LibVEX; rerun with -h for copyright info
==2405== Command: /usr/local/samba/bin/smbpasswd -a ldap02
==2405=New SMB password:
Retype new SMB password:
==2408===2408== HEAP SUMMARY:
==2408==     in use at exit: 180,041 bytes in 987 blocks
==2408==   total heap usage: 5,737 allocs, 4,750 frees, 1,643,712 bytes 
allocated
==2408===2408== LEAK SUMMARY:
==2408==    definitely lost: 0 bytes in 0 blocks
==2408==    indirectly lost: 0 bytes in 0 blocks
==2408==      possibly lost: 38,178 bytes in 139 blocks
==2408==    still reachable: 141,863 bytes in 848 blocks
==2408==         suppressed: 0 bytes in 0 blocks
==2408== Rerun with --leak-check=full to see details of leaked memory
==2408===2408== For counts of detected and suppressed errors, rerun with: -v
==2408== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
Added user ldap02.
==2405== Invalid read of size 4
==2405==    at 0x56AB52A: ldap_mods_free (in 
/usr/lib/i386-linux-gnu/libldap_r-2.4.so.2.10.3)
==2405==    by 0x5728963: ldapmod_destructor (smbldap.c:266)
==2405==    by 0x4A61AA3: _talloc_free_internal (talloc.c:1046)
==2405==    by 0x4A6287F: _talloc_free_children_internal (talloc.c:1525)
==2405==    by 0x4A61C02: _talloc_free_internal (talloc.c:1072)
==2405==    by 0x4A62BEC: _talloc_free (talloc.c:1647)
==2405==    by 0x10BFCD: main (smbpasswd.c:631)
==2405==  Address 0x5f17dd0 is 0 bytes inside a block of size 16 free'd
==2405==    at 0x482C2D4: realloc (vg_replace_malloc.c:692)
==2405==    by 0x48777F7: realloc_array (util.c:754)
==2405==    by 0x5728B31: smbldap_set_mod_internal (smbldap.c:325)
==2405==    by 0x57290B6: smbldap_set_mod (smbldap.c:392)
==2405==    by 0x4A9FC2B: ldapsam_create_user (pdb_ldap.c:5304)
==2405==    by 0x4ABB376: pdb_create_user (pdb_interface.c:542)
==2405==    by 0x4AACBF9: local_password_change (passdb.c:745)
==2405==    by 0x10B29B: password_change (smbpasswd.c:264)
==2405==    by 0x10BA77: process_root (smbpasswd.c:466)
==2405==    by 0x10BF9C: main (smbpasswd.c:627)
==2405===2405== Invalid read of size 4
==2405==    at 0x56AB548: ldap_mods_free (in 
/usr/lib/i386-linux-gnu/libldap_r-2.4.so.2.10.3)
==2405==    by 0x5728963: ldapmod_destructor (smbldap.c:266)
==2405==    by 0x4A61AA3: _talloc_free_internal (talloc.c:1046)
==2405==    by 0x4A6287F: _talloc_free_children_internal (talloc.c:1525)
==2405==    by 0x4A61C02: _talloc_free_internal (talloc.c:1072)
==2405==    by 0x4A62BEC: _talloc_free (talloc.c:1647)
==2405==    by 0x10BFCD: main (smbpasswd.c:631)
==2405==  Address 0x5f17dd0 is 0 bytes inside a block of size 16 free'd
==2405==    at 0x482C2D4: realloc (vg_replace_malloc.c:692)
==2405==    by 0x48777F7: realloc_array (util.c:754)
==2405==    by 0x5728B31: smbldap_set_mod_internal (smbldap.c:325)
==2405==    by 0x57290B6: smbldap_set_mod (smbldap.c:392)
==2405==    by 0x4A9FC2B: ldapsam_create_user (pdb_ldap.c:5304)
==2405==    by 0x4ABB376: pdb_create_user (pdb_interface.c:542)
==2405==    by 0x4AACBF9: local_password_change (passdb.c:745)
==2405==    by 0x10B29B: password_change (smbpasswd.c:264)
==2405==    by 0x10BA77: process_root (smbpasswd.c:466)
==2405==    by 0x10BF9C: main (smbpasswd.c:627)
==2405===2405== Invalid read of size 4
==2405==    at 0x56AB55C: ldap_mods_free (in 
/usr/lib/i386-linux-gnu/libldap_r-2.4.so.2.10.3)
==2405==    by 0x5728963: ldapmod_destructor (smbldap.c:266)
==2405==    by 0x4A61AA3: _talloc_free_internal (talloc.c:1046)
==2405==    by 0x4A6287F: _talloc_free_children_internal (talloc.c:1525)
==2405==    by 0x4A61C02: _talloc_free_internal (talloc.c:1072)
==2405==    by 0x4A62BEC: _talloc_free (talloc.c:1647)
==2405==    by 0x10BFCD: main (smbpasswd.c:631)
==2405==  Address 0x5f17dd0 is 0 bytes inside a block of size 16 free'd
==2405==    at 0x482C2D4: realloc (vg_replace_malloc.c:692)
==2405==    by 0x48777F7: realloc_array (util.c:754)
==2405==    by 0x5728B31: smbldap_set_mod_internal (smbldap.c:325)
==2405==    by 0x57290B6: smbldap_set_mod (smbldap.c:392)
==2405==    by 0x4A9FC2B: ldapsam_create_user (pdb_ldap.c:5304)
==2405==    by 0x4ABB376: pdb_create_user (pdb_interface.c:542)
==2405==    by 0x4AACBF9: local_password_change (passdb.c:745)
==2405==    by 0x10B29B: password_change (smbpasswd.c:264)
==2405==    by 0x10BA77: process_root (smbpasswd.c:466)
==2405==    by 0x10BF9C: main (smbpasswd.c:627)
==2405===2405== Invalid read of size 4
==2405==    at 0x56AB56F: ldap_mods_free (in 
/usr/lib/i386-linux-gnu/libldap_r-2.4.so.2.10.3)
==2405==    by 0x5728963: ldapmod_destructor (smbldap.c:266)
==2405==    by 0x4A61AA3: _talloc_free_internal (talloc.c:1046)
==2405==    by 0x4A6287F: _talloc_free_children_internal (talloc.c:1525)
==2405==    by 0x4A61C02: _talloc_free_internal (talloc.c:1072)
==2405==    by 0x4A62BEC: _talloc_free (talloc.c:1647)
==2405==    by 0x10BFCD: main (smbpasswd.c:631)
==2405==  Address 0x5f17dd4 is 4 bytes inside a block of size 16 free'd
==2405==    at 0x482C2D4: realloc (vg_replace_malloc.c:692)
==2405==    by 0x48777F7: realloc_array (util.c:754)
==2405==    by 0x5728B31: smbldap_set_mod_internal (smbldap.c:325)
==2405==    by 0x57290B6: smbldap_set_mod (smbldap.c:392)
==2405==    by 0x4A9FC2B: ldapsam_create_user (pdb_ldap.c:5304)
==2405==    by 0x4ABB376: pdb_create_user (pdb_interface.c:542)
==2405==    by 0x4AACBF9: local_password_change (passdb.c:745)
==2405==    by 0x10B29B: password_change (smbpasswd.c:264)
==2405==    by 0x10BA77: process_root (smbpasswd.c:466)
==2405==    by 0x10BF9C: main (smbpasswd.c:627)
==2405===2405== Invalid free() / delete / delete[] / realloc()
==2405==    at 0x482B3A8: free (vg_replace_malloc.c:473)
==2405==    by 0x5686820: ber_memfree_x (in 
/usr/lib/i386-linux-gnu/liblber-2.4.so.2.10.3)
==2405==    by 0x56AB5AA: ldap_mods_free (in 
/usr/lib/i386-linux-gnu/libldap_r-2.4.so.2.10.3)
==2405==    by 0x5728963: ldapmod_destructor (smbldap.c:266)
==2405==    by 0x4A61AA3: _talloc_free_internal (talloc.c:1046)
==2405==    by 0x4A6287F: _talloc_free_children_internal (talloc.c:1525)
==2405==    by 0x4A61C02: _talloc_free_internal (talloc.c:1072)
==2405==    by 0x4A62BEC: _talloc_free (talloc.c:1647)
==2405==    by 0x10BFCD: main (smbpasswd.c:631)
==2405==  Address 0x5f17dd0 is 0 bytes inside a block of size 16 free'd
==2405==    at 0x482C2D4: realloc (vg_replace_malloc.c:692)
==2405==    by 0x48777F7: realloc_array (util.c:754)
==2405==    by 0x5728B31: smbldap_set_mod_internal (smbldap.c:325)
==2405==    by 0x57290B6: smbldap_set_mod (smbldap.c:392)
==2405==    by 0x4A9FC2B: ldapsam_create_user (pdb_ldap.c:5304)
==2405==    by 0x4ABB376: pdb_create_user (pdb_interface.c:542)
==2405==    by 0x4AACBF9: local_password_change (passdb.c:745)
==2405==    by 0x10B29B: password_change (smbpasswd.c:264)
==2405==    by 0x10BA77: process_root (smbpasswd.c:466)
==2405==    by 0x10BF9C: main (smbpasswd.c:627)
==2405===2405===2405== HEAP SUMMARY:
==2405==     in use at exit: 179,738 bytes in 980 blocks
==2405==   total heap usage: 6,523 allocs, 5,544 frees, 2,273,909 bytes 
allocated
==2405===2405== LEAK SUMMARY:
==2405==    definitely lost: 348 bytes in 2 blocks
==2405==    indirectly lost: 1,868 bytes in 45 blocks
==2405==      possibly lost: 35,708 bytes in 109 blocks
==2405==    still reachable: 141,814 bytes in 824 blocks
==2405==         suppressed: 0 bytes in 0 blocks
==2405== Rerun with --leak-check=full to see details of leaked memory
==2405===2405== For counts of detected and suppressed errors, rerun with: -v
==2405== ERROR SUMMARY: 11 errors from 5 contexts (suppressed: 0 from 0)
root at testpdc:~#


Rowland