thr3ads.net - samba - [Samba] Segmentation Fault when trying to set root samba password, IPA as a backend [Mar 2016]

If this information is useful, please help other people find it:
Share via:

Volker Lendecke

2016-Mar-04 09:58 UTC

[Samba] Segmentation Fault when trying to set root samba password, IPA as a backend

On Fri, Mar 04, 2016 at 10:53:17AM +0100, Volker Lendecke
wrote:> On Wed, Mar 02, 2016 at 09:23:34AM +0000, Rowland penny wrote:
> > OK, here is the output:
> 
> Can you try the attached (UNTESTED!) patch?
> 
> Thanks,
Gna, should have at least compiled it....

New patch :-)

Volker

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
-------------- next part --------------

Rowland penny

2016-Mar-04 16:16 UTC

head link

[Samba] Segmentation Fault when trying to set root samba password, IPA as a backend

On 04/03/16 09:58, Volker Lendecke wrote:> On Fri, Mar 04, 2016 at 10:53:17AM +0100, Volker Lendecke wrote:
>> On Wed, Mar 02, 2016 at 09:23:34AM +0000, Rowland penny wrote:
>>> OK, here is the output:
>> Can you try the attached (UNTESTED!) patch?
>>
>> Thanks,
> Gna, should have at least compiled it....
>
> New patch :-)
>
> Volker
>
Sorry Volker, it didn't work :-(

It still segfaults and valgrind now shows more errors, see attached files

Rowland

-------------- next part --------------
smbpasswd -a ldap03
New SMB password:
Retype new SMB password:
Added user ldap03.
Segmentation fault
root at testpdc:/usr/src/samba/samba-master# gdb smbpasswd
GNU gdb (Debian 7.7.1+dfsg-5) 7.7.1
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show
copying"
and "show warranty" for details.
This GDB was configured as "i586-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to
"word"...
Reading symbols from smbpasswd...done.
(gdb) run -a ldap04
Starting program: /usr/local/samba/bin/smbpasswd -a ldap04
[Thread debugging using libthread_db enabled]
Using host libthread_db library
"/lib/i386-linux-gnu/i686/cmov/libthread_db.so.1".
New SMB password:
Retype new SMB password:
Added user ldap04.

Program received signal SIGSEGV, Segmentation fault.
0xb7137578 in ldap_mods_free () from /usr/lib/i386-linux-gnu/libldap_r-2.4.so.2
(gdb) bt
#0  0xb7137578 in ldap_mods_free ()
   from /usr/lib/i386-linux-gnu/libldap_r-2.4.so.2
#1  0xb70d7a14 in ldapmod_destructor (mod=0x80028280)
    at ../source3/lib/smbldap.c:266
#2  0xb7da7b54 in _talloc_free_internal (ptr=0x80028280, 
    location=0x800060b8 "../source3/utils/smbpasswd.c:631")
    at ../lib/talloc/talloc.c:1046
#3  0xb7da8930 in _talloc_free_children_internal (tc=0x8001e858, 
    ptr=0x8001e888, location=0x800060b8
"../source3/utils/smbpasswd.c:631")
    at ../lib/talloc/talloc.c:1525
#4  0xb7da7cb3 in _talloc_free_internal (ptr=0x8001e888, 
    location=0x800060b8 "../source3/utils/smbpasswd.c:631")
    at ../lib/talloc/talloc.c:1072
#5  0xb7da8c9d in _talloc_free (ptr=0x8001e888, 
    location=0x800060b8 "../source3/utils/smbpasswd.c:631")
    at ../lib/talloc/talloc.c:1647
#6  0x800041de in main (argc=3, argv=0xbffffcf4)
    at ../source3/utils/smbpasswd.c:631
(gdb) quit
A debugging session is active.

	Inferior 1 [process 28613] will be killed.

Quit anyway? (y or n) y



-------------- next part --------------
valgrind smbpasswd -a ldap05
==28624== Memcheck, a memory error detector
==28624== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==28624== Using Valgrind-3.10.0 and LibVEX; rerun with -h for copyright info
==28624== Command: smbpasswd -a ldap05
==28624== 
New SMB password:
Retype new SMB password:
==28626== 
==28626== HEAP SUMMARY:
==28626==     in use at exit: 180,041 bytes in 987 blocks
==28626==   total heap usage: 5,737 allocs, 4,750 frees, 1,643,712 bytes
allocated
==28626== 
==28626== LEAK SUMMARY:
==28626==    definitely lost: 0 bytes in 0 blocks
==28626==    indirectly lost: 0 bytes in 0 blocks
==28626==      possibly lost: 38,178 bytes in 139 blocks
==28626==    still reachable: 141,863 bytes in 848 blocks
==28626==         suppressed: 0 bytes in 0 blocks
==28626== Rerun with --leak-check=full to see details of leaked memory
==28626== 
==28626== For counts of detected and suppressed errors, rerun with: -v
==28626== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
Added user ldap05.
==28624== Invalid read of size 4
==28624==    at 0x56B452A: ldap_mods_free (in
/usr/lib/i386-linux-gnu/libldap_r-2.4.so.2.10.3)
==28624==    by 0x5731A13: ldapmod_destructor (smbldap.c:266)
==28624==    by 0x4A64B53: _talloc_free_internal (talloc.c:1046)
==28624==    by 0x4A6592F: _talloc_free_children_internal (talloc.c:1525)
==28624==    by 0x4A64CB2: _talloc_free_internal (talloc.c:1072)
==28624==    by 0x4A65C9C: _talloc_free (talloc.c:1647)
==28624==    by 0x10C1DD: main (smbpasswd.c:631)
==28624==  Address 0x5f20dd0 is 0 bytes inside a block of size 16 free'd
==28624==    at 0x482C2D4: realloc (vg_replace_malloc.c:692)
==28624==    by 0x48777F7: realloc_array (util.c:754)
==28624==    by 0x5731BE1: smbldap_set_mod_internal (smbldap.c:325)
==28624==    by 0x5732166: smbldap_set_mod (smbldap.c:392)
==28624==    by 0x4AA410F: ldapsam_create_user (pdb_ldap.c:5305)
==28624==    by 0x4AC046E: pdb_create_user (pdb_interface.c:542)
==28624==    by 0x4AB1401: local_password_change (passdb.c:745)
==28624==    by 0x10B4AB: password_change (smbpasswd.c:264)
==28624==    by 0x10BC87: process_root (smbpasswd.c:466)
==28624==    by 0x10C1AC: main (smbpasswd.c:627)
==28624== 
==28624== Invalid read of size 1
==28624==    at 0x56B4578: ldap_mods_free (in
/usr/lib/i386-linux-gnu/libldap_r-2.4.so.2.10.3)
==28624==    by 0x5731A13: ldapmod_destructor (smbldap.c:266)
==28624==    by 0x4A64B53: _talloc_free_internal (talloc.c:1046)
==28624==    by 0x4A6592F: _talloc_free_children_internal (talloc.c:1525)
==28624==    by 0x4A64CB2: _talloc_free_internal (talloc.c:1072)
==28624==    by 0x4A65C9C: _talloc_free (talloc.c:1647)
==28624==    by 0x10C1DD: main (smbpasswd.c:631)
==28624==  Address 0x5f20668 is 0 bytes inside a block of size 12 free'd
==28624==    at 0x482B3A8: free (vg_replace_malloc.c:473)
==28624==    by 0x568F820: ber_memfree_x (in
/usr/lib/i386-linux-gnu/liblber-2.4.so.2.10.3)
==28624==    by 0x56B456E: ldap_mods_free (in
/usr/lib/i386-linux-gnu/libldap_r-2.4.so.2.10.3)
==28624==    by 0x4AA46F2: ldapsam_create_user (pdb_ldap.c:5393)
==28624==    by 0x4AC046E: pdb_create_user (pdb_interface.c:542)
==28624==    by 0x4AB1401: local_password_change (passdb.c:745)
==28624==    by 0x10B4AB: password_change (smbpasswd.c:264)
==28624==    by 0x10BC87: process_root (smbpasswd.c:466)
==28624==    by 0x10C1AC: main (smbpasswd.c:627)
==28624== 
==28624== Invalid read of size 4
==28624==    at 0x56B457B: ldap_mods_free (in
/usr/lib/i386-linux-gnu/libldap_r-2.4.so.2.10.3)
==28624==    by 0x5731A13: ldapmod_destructor (smbldap.c:266)
==28624==    by 0x4A64B53: _talloc_free_internal (talloc.c:1046)
==28624==    by 0x4A6592F: _talloc_free_children_internal (talloc.c:1525)
==28624==    by 0x4A64CB2: _talloc_free_internal (talloc.c:1072)
==28624==    by 0x4A65C9C: _talloc_free (talloc.c:1647)
==28624==    by 0x10C1DD: main (smbpasswd.c:631)
==28624==  Address 0x5f20670 is 8 bytes inside a block of size 12 free'd
==28624==    at 0x482B3A8: free (vg_replace_malloc.c:473)
==28624==    by 0x568F820: ber_memfree_x (in
/usr/lib/i386-linux-gnu/liblber-2.4.so.2.10.3)
==28624==    by 0x56B456E: ldap_mods_free (in
/usr/lib/i386-linux-gnu/libldap_r-2.4.so.2.10.3)
==28624==    by 0x4AA46F2: ldapsam_create_user (pdb_ldap.c:5393)
==28624==    by 0x4AC046E: pdb_create_user (pdb_interface.c:542)
==28624==    by 0x4AB1401: local_password_change (passdb.c:745)
==28624==    by 0x10B4AB: password_change (smbpasswd.c:264)
==28624==    by 0x10BC87: process_root (smbpasswd.c:466)
==28624==    by 0x10C1AC: main (smbpasswd.c:627)
==28624== 
==28624== Invalid read of size 4
==28624==    at 0x568F88E: ber_memvfree_x (in
/usr/lib/i386-linux-gnu/liblber-2.4.so.2.10.3)
==28624==    by 0x56B458E: ldap_mods_free (in
/usr/lib/i386-linux-gnu/libldap_r-2.4.so.2.10.3)
==28624==    by 0x5731A13: ldapmod_destructor (smbldap.c:266)
==28624==    by 0x4A64B53: _talloc_free_internal (talloc.c:1046)
==28624==    by 0x4A6592F: _talloc_free_children_internal (talloc.c:1525)
==28624==    by 0x4A64CB2: _talloc_free_internal (talloc.c:1072)
==28624==    by 0x4A65C9C: _talloc_free (talloc.c:1647)
==28624==    by 0x10C1DD: main (smbpasswd.c:631)
==28624==  Address 0x5f206e0 is 0 bytes inside a block of size 8 free'd
==28624==    at 0x482B3A8: free (vg_replace_malloc.c:473)
==28624==    by 0x568F820: ber_memfree_x (in
/usr/lib/i386-linux-gnu/liblber-2.4.so.2.10.3)
==28624==    by 0x568F8C0: ber_memvfree_x (in
/usr/lib/i386-linux-gnu/liblber-2.4.so.2.10.3)
==28624==    by 0x56B458E: ldap_mods_free (in
/usr/lib/i386-linux-gnu/libldap_r-2.4.so.2.10.3)
==28624==    by 0x4AA46F2: ldapsam_create_user (pdb_ldap.c:5393)
==28624==    by 0x4AC046E: pdb_create_user (pdb_interface.c:542)
==28624==    by 0x4AB1401: local_password_change (passdb.c:745)
==28624==    by 0x10B4AB: password_change (smbpasswd.c:264)
==28624==    by 0x10BC87: process_root (smbpasswd.c:466)
==28624==    by 0x10C1AC: main (smbpasswd.c:627)
==28624== 
==28624== Invalid free() / delete / delete[] / realloc()
==28624==    at 0x482B3A8: free (vg_replace_malloc.c:473)
==28624==    by 0x568F820: ber_memfree_x (in
/usr/lib/i386-linux-gnu/liblber-2.4.so.2.10.3)
==28624==    by 0x568F8AC: ber_memvfree_x (in
/usr/lib/i386-linux-gnu/liblber-2.4.so.2.10.3)
==28624==    by 0x56B458E: ldap_mods_free (in
/usr/lib/i386-linux-gnu/libldap_r-2.4.so.2.10.3)
==28624==    by 0x5731A13: ldapmod_destructor (smbldap.c:266)
==28624==    by 0x4A64B53: _talloc_free_internal (talloc.c:1046)
==28624==    by 0x4A6592F: _talloc_free_children_internal (talloc.c:1525)
==28624==    by 0x4A64CB2: _talloc_free_internal (talloc.c:1072)
==28624==    by 0x4A65C9C: _talloc_free (talloc.c:1647)
==28624==    by 0x10C1DD: main (smbpasswd.c:631)
==28624==  Address 0x5f20790 is 0 bytes inside a block of size 7 free'd
==28624==    at 0x482B3A8: free (vg_replace_malloc.c:473)
==28624==    by 0x568F820: ber_memfree_x (in
/usr/lib/i386-linux-gnu/liblber-2.4.so.2.10.3)
==28624==    by 0x568F8AC: ber_memvfree_x (in
/usr/lib/i386-linux-gnu/liblber-2.4.so.2.10.3)
==28624==    by 0x56B458E: ldap_mods_free (in
/usr/lib/i386-linux-gnu/libldap_r-2.4.so.2.10.3)
==28624==    by 0x4AA46F2: ldapsam_create_user (pdb_ldap.c:5393)
==28624==    by 0x4AC046E: pdb_create_user (pdb_interface.c:542)
==28624==    by 0x4AB1401: local_password_change (passdb.c:745)
==28624==    by 0x10B4AB: password_change (smbpasswd.c:264)
==28624==    by 0x10BC87: process_root (smbpasswd.c:466)
==28624==    by 0x10C1AC: main (smbpasswd.c:627)
==28624== 
==28624== Invalid read of size 4
==28624==    at 0x568F8AD: ber_memvfree_x (in
/usr/lib/i386-linux-gnu/liblber-2.4.so.2.10.3)
==28624==    by 0x56B458E: ldap_mods_free (in
/usr/lib/i386-linux-gnu/libldap_r-2.4.so.2.10.3)
==28624==    by 0x5731A13: ldapmod_destructor (smbldap.c:266)
==28624==    by 0x4A64B53: _talloc_free_internal (talloc.c:1046)
==28624==    by 0x4A6592F: _talloc_free_children_internal (talloc.c:1525)
==28624==    by 0x4A64CB2: _talloc_free_internal (talloc.c:1072)
==28624==    by 0x4A65C9C: _talloc_free (talloc.c:1647)
==28624==    by 0x10C1DD: main (smbpasswd.c:631)
==28624==  Address 0x5f206e4 is 4 bytes inside a block of size 8 free'd
==28624==    at 0x482B3A8: free (vg_replace_malloc.c:473)
==28624==    by 0x568F820: ber_memfree_x (in
/usr/lib/i386-linux-gnu/liblber-2.4.so.2.10.3)
==28624==    by 0x568F8C0: ber_memvfree_x (in
/usr/lib/i386-linux-gnu/liblber-2.4.so.2.10.3)
==28624==    by 0x56B458E: ldap_mods_free (in
/usr/lib/i386-linux-gnu/libldap_r-2.4.so.2.10.3)
==28624==    by 0x4AA46F2: ldapsam_create_user (pdb_ldap.c:5393)
==28624==    by 0x4AC046E: pdb_create_user (pdb_interface.c:542)
==28624==    by 0x4AB1401: local_password_change (passdb.c:745)
==28624==    by 0x10B4AB: password_change (smbpasswd.c:264)
==28624==    by 0x10BC87: process_root (smbpasswd.c:466)
==28624==    by 0x10C1AC: main (smbpasswd.c:627)
==28624== 
==28624== Invalid free() / delete / delete[] / realloc()
==28624==    at 0x482B3A8: free (vg_replace_malloc.c:473)
==28624==    by 0x568F820: ber_memfree_x (in
/usr/lib/i386-linux-gnu/liblber-2.4.so.2.10.3)
==28624==    by 0x568F8C0: ber_memvfree_x (in
/usr/lib/i386-linux-gnu/liblber-2.4.so.2.10.3)
==28624==    by 0x56B458E: ldap_mods_free (in
/usr/lib/i386-linux-gnu/libldap_r-2.4.so.2.10.3)
==28624==    by 0x5731A13: ldapmod_destructor (smbldap.c:266)
==28624==    by 0x4A64B53: _talloc_free_internal (talloc.c:1046)
==28624==    by 0x4A6592F: _talloc_free_children_internal (talloc.c:1525)
==28624==    by 0x4A64CB2: _talloc_free_internal (talloc.c:1072)
==28624==    by 0x4A65C9C: _talloc_free (talloc.c:1647)
==28624==    by 0x10C1DD: main (smbpasswd.c:631)
==28624==  Address 0x5f206e0 is 0 bytes inside a block of size 8 free'd
==28624==    at 0x482B3A8: free (vg_replace_malloc.c:473)
==28624==    by 0x568F820: ber_memfree_x (in
/usr/lib/i386-linux-gnu/liblber-2.4.so.2.10.3)
==28624==    by 0x568F8C0: ber_memvfree_x (in
/usr/lib/i386-linux-gnu/liblber-2.4.so.2.10.3)
==28624==    by 0x56B458E: ldap_mods_free (in
/usr/lib/i386-linux-gnu/libldap_r-2.4.so.2.10.3)
==28624==    by 0x4AA46F2: ldapsam_create_user (pdb_ldap.c:5393)
==28624==    by 0x4AC046E: pdb_create_user (pdb_interface.c:542)
==28624==    by 0x4AB1401: local_password_change (passdb.c:745)
==28624==    by 0x10B4AB: password_change (smbpasswd.c:264)
==28624==    by 0x10BC87: process_root (smbpasswd.c:466)
==28624==    by 0x10C1AC: main (smbpasswd.c:627)
==28624== 
==28624== Invalid read of size 4
==28624==    at 0x56B4548: ldap_mods_free (in
/usr/lib/i386-linux-gnu/libldap_r-2.4.so.2.10.3)
==28624==    by 0x5731A13: ldapmod_destructor (smbldap.c:266)
==28624==    by 0x4A64B53: _talloc_free_internal (talloc.c:1046)
==28624==    by 0x4A6592F: _talloc_free_children_internal (talloc.c:1525)
==28624==    by 0x4A64CB2: _talloc_free_internal (talloc.c:1072)
==28624==    by 0x4A65C9C: _talloc_free (talloc.c:1647)
==28624==    by 0x10C1DD: main (smbpasswd.c:631)
==28624==  Address 0x5f20dd0 is 0 bytes inside a block of size 16 free'd
==28624==    at 0x482C2D4: realloc (vg_replace_malloc.c:692)
==28624==    by 0x48777F7: realloc_array (util.c:754)
==28624==    by 0x5731BE1: smbldap_set_mod_internal (smbldap.c:325)
==28624==    by 0x5732166: smbldap_set_mod (smbldap.c:392)
==28624==    by 0x4AA410F: ldapsam_create_user (pdb_ldap.c:5305)
==28624==    by 0x4AC046E: pdb_create_user (pdb_interface.c:542)
==28624==    by 0x4AB1401: local_password_change (passdb.c:745)
==28624==    by 0x10B4AB: password_change (smbpasswd.c:264)
==28624==    by 0x10BC87: process_root (smbpasswd.c:466)
==28624==    by 0x10C1AC: main (smbpasswd.c:627)
==28624== 
==28624== Invalid read of size 4
==28624==    at 0x56B454A: ldap_mods_free (in
/usr/lib/i386-linux-gnu/libldap_r-2.4.so.2.10.3)
==28624==    by 0x5731A13: ldapmod_destructor (smbldap.c:266)
==28624==    by 0x4A64B53: _talloc_free_internal (talloc.c:1046)
==28624==    by 0x4A6592F: _talloc_free_children_internal (talloc.c:1525)
==28624==    by 0x4A64CB2: _talloc_free_internal (talloc.c:1072)
==28624==    by 0x4A65C9C: _talloc_free (talloc.c:1647)
==28624==    by 0x10C1DD: main (smbpasswd.c:631)
==28624==  Address 0x5f2066c is 4 bytes inside a block of size 12 free'd
==28624==    at 0x482B3A8: free (vg_replace_malloc.c:473)
==28624==    by 0x568F820: ber_memfree_x (in
/usr/lib/i386-linux-gnu/liblber-2.4.so.2.10.3)
==28624==    by 0x56B456E: ldap_mods_free (in
/usr/lib/i386-linux-gnu/libldap_r-2.4.so.2.10.3)
==28624==    by 0x4AA46F2: ldapsam_create_user (pdb_ldap.c:5393)
==28624==    by 0x4AC046E: pdb_create_user (pdb_interface.c:542)
==28624==    by 0x4AB1401: local_password_change (passdb.c:745)
==28624==    by 0x10B4AB: password_change (smbpasswd.c:264)
==28624==    by 0x10BC87: process_root (smbpasswd.c:466)
==28624==    by 0x10C1AC: main (smbpasswd.c:627)
==28624== 
==28624== Invalid free() / delete / delete[] / realloc()
==28624==    at 0x482B3A8: free (vg_replace_malloc.c:473)
==28624==    by 0x568F820: ber_memfree_x (in
/usr/lib/i386-linux-gnu/liblber-2.4.so.2.10.3)
==28624==    by 0x56B455B: ldap_mods_free (in
/usr/lib/i386-linux-gnu/libldap_r-2.4.so.2.10.3)
==28624==    by 0x5731A13: ldapmod_destructor (smbldap.c:266)
==28624==    by 0x4A64B53: _talloc_free_internal (talloc.c:1046)
==28624==    by 0x4A6592F: _talloc_free_children_internal (talloc.c:1525)
==28624==    by 0x4A64CB2: _talloc_free_internal (talloc.c:1072)
==28624==    by 0x4A65C9C: _talloc_free (talloc.c:1647)
==28624==    by 0x10C1DD: main (smbpasswd.c:631)
==28624==  Address 0x5f206a8 is 0 bytes inside a block of size 4 free'd
==28624==    at 0x482B3A8: free (vg_replace_malloc.c:473)
==28624==    by 0x568F820: ber_memfree_x (in
/usr/lib/i386-linux-gnu/liblber-2.4.so.2.10.3)
==28624==    by 0x56B455B: ldap_mods_free (in
/usr/lib/i386-linux-gnu/libldap_r-2.4.so.2.10.3)
==28624==    by 0x4AA46F2: ldapsam_create_user (pdb_ldap.c:5393)
==28624==    by 0x4AC046E: pdb_create_user (pdb_interface.c:542)
==28624==    by 0x4AB1401: local_password_change (passdb.c:745)
==28624==    by 0x10B4AB: password_change (smbpasswd.c:264)
==28624==    by 0x10BC87: process_root (smbpasswd.c:466)
==28624==    by 0x10C1AC: main (smbpasswd.c:627)
==28624== 
==28624== Invalid read of size 4
==28624==    at 0x56B455C: ldap_mods_free (in
/usr/lib/i386-linux-gnu/libldap_r-2.4.so.2.10.3)
==28624==    by 0x5731A13: ldapmod_destructor (smbldap.c:266)
==28624==    by 0x4A64B53: _talloc_free_internal (talloc.c:1046)
==28624==    by 0x4A6592F: _talloc_free_children_internal (talloc.c:1525)
==28624==    by 0x4A64CB2: _talloc_free_internal (talloc.c:1072)
==28624==    by 0x4A65C9C: _talloc_free (talloc.c:1647)
==28624==    by 0x10C1DD: main (smbpasswd.c:631)
==28624==  Address 0x5f20dd0 is 0 bytes inside a block of size 16 free'd
==28624==    at 0x482C2D4: realloc (vg_replace_malloc.c:692)
==28624==    by 0x48777F7: realloc_array (util.c:754)
==28624==    by 0x5731BE1: smbldap_set_mod_internal (smbldap.c:325)
==28624==    by 0x5732166: smbldap_set_mod (smbldap.c:392)
==28624==    by 0x4AA410F: ldapsam_create_user (pdb_ldap.c:5305)
==28624==    by 0x4AC046E: pdb_create_user (pdb_interface.c:542)
==28624==    by 0x4AB1401: local_password_change (passdb.c:745)
==28624==    by 0x10B4AB: password_change (smbpasswd.c:264)
==28624==    by 0x10BC87: process_root (smbpasswd.c:466)
==28624==    by 0x10C1AC: main (smbpasswd.c:627)
==28624== 
==28624== Invalid free() / delete / delete[] / realloc()
==28624==    at 0x482B3A8: free (vg_replace_malloc.c:473)
==28624==    by 0x568F820: ber_memfree_x (in
/usr/lib/i386-linux-gnu/liblber-2.4.so.2.10.3)
==28624==    by 0x56B456E: ldap_mods_free (in
/usr/lib/i386-linux-gnu/libldap_r-2.4.so.2.10.3)
==28624==    by 0x5731A13: ldapmod_destructor (smbldap.c:266)
==28624==    by 0x4A64B53: _talloc_free_internal (talloc.c:1046)
==28624==    by 0x4A6592F: _talloc_free_children_internal (talloc.c:1525)
==28624==    by 0x4A64CB2: _talloc_free_internal (talloc.c:1072)
==28624==    by 0x4A65C9C: _talloc_free (talloc.c:1647)
==28624==    by 0x10C1DD: main (smbpasswd.c:631)
==28624==  Address 0x5f20668 is 0 bytes inside a block of size 12 free'd
==28624==    at 0x482B3A8: free (vg_replace_malloc.c:473)
==28624==    by 0x568F820: ber_memfree_x (in
/usr/lib/i386-linux-gnu/liblber-2.4.so.2.10.3)
==28624==    by 0x56B456E: ldap_mods_free (in
/usr/lib/i386-linux-gnu/libldap_r-2.4.so.2.10.3)
==28624==    by 0x4AA46F2: ldapsam_create_user (pdb_ldap.c:5393)
==28624==    by 0x4AC046E: pdb_create_user (pdb_interface.c:542)
==28624==    by 0x4AB1401: local_password_change (passdb.c:745)
==28624==    by 0x10B4AB: password_change (smbpasswd.c:264)
==28624==    by 0x10BC87: process_root (smbpasswd.c:466)
==28624==    by 0x10C1AC: main (smbpasswd.c:627)
==28624== 
==28624== Invalid read of size 4
==28624==    at 0x56B456F: ldap_mods_free (in
/usr/lib/i386-linux-gnu/libldap_r-2.4.so.2.10.3)
==28624==    by 0x5731A13: ldapmod_destructor (smbldap.c:266)
==28624==    by 0x4A64B53: _talloc_free_internal (talloc.c:1046)
==28624==    by 0x4A6592F: _talloc_free_children_internal (talloc.c:1525)
==28624==    by 0x4A64CB2: _talloc_free_internal (talloc.c:1072)
==28624==    by 0x4A65C9C: _talloc_free (talloc.c:1647)
==28624==    by 0x10C1DD: main (smbpasswd.c:631)
==28624==  Address 0x5f20dd4 is 4 bytes inside a block of size 16 free'd
==28624==    at 0x482C2D4: realloc (vg_replace_malloc.c:692)
==28624==    by 0x48777F7: realloc_array (util.c:754)
==28624==    by 0x5731BE1: smbldap_set_mod_internal (smbldap.c:325)
==28624==    by 0x5732166: smbldap_set_mod (smbldap.c:392)
==28624==    by 0x4AA410F: ldapsam_create_user (pdb_ldap.c:5305)
==28624==    by 0x4AC046E: pdb_create_user (pdb_interface.c:542)
==28624==    by 0x4AB1401: local_password_change (passdb.c:745)
==28624==    by 0x10B4AB: password_change (smbpasswd.c:264)
==28624==    by 0x10BC87: process_root (smbpasswd.c:466)
==28624==    by 0x10C1AC: main (smbpasswd.c:627)
==28624== 
==28624== Invalid free() / delete / delete[] / realloc()
==28624==    at 0x482B3A8: free (vg_replace_malloc.c:473)
==28624==    by 0x568F820: ber_memfree_x (in
/usr/lib/i386-linux-gnu/liblber-2.4.so.2.10.3)
==28624==    by 0x56B45AA: ldap_mods_free (in
/usr/lib/i386-linux-gnu/libldap_r-2.4.so.2.10.3)
==28624==    by 0x5731A13: ldapmod_destructor (smbldap.c:266)
==28624==    by 0x4A64B53: _talloc_free_internal (talloc.c:1046)
==28624==    by 0x4A6592F: _talloc_free_children_internal (talloc.c:1525)
==28624==    by 0x4A64CB2: _talloc_free_internal (talloc.c:1072)
==28624==    by 0x4A65C9C: _talloc_free (talloc.c:1647)
==28624==    by 0x10C1DD: main (smbpasswd.c:631)
==28624==  Address 0x5f20dd0 is 0 bytes inside a block of size 16 free'd
==28624==    at 0x482C2D4: realloc (vg_replace_malloc.c:692)
==28624==    by 0x48777F7: realloc_array (util.c:754)
==28624==    by 0x5731BE1: smbldap_set_mod_internal (smbldap.c:325)
==28624==    by 0x5732166: smbldap_set_mod (smbldap.c:392)
==28624==    by 0x4AA410F: ldapsam_create_user (pdb_ldap.c:5305)
==28624==    by 0x4AC046E: pdb_create_user (pdb_interface.c:542)
==28624==    by 0x4AB1401: local_password_change (passdb.c:745)
==28624==    by 0x10B4AB: password_change (smbpasswd.c:264)
==28624==    by 0x10BC87: process_root (smbpasswd.c:466)
==28624==    by 0x10C1AC: main (smbpasswd.c:627)
==28624== 
==28624== 
==28624== HEAP SUMMARY:
==28624==     in use at exit: 179,431 bytes in 953 blocks
==28624==   total heap usage: 6,467 allocs, 5,527 frees, 2,271,504 bytes
allocated
==28624== 
==28624== LEAK SUMMARY:
==28624==    definitely lost: 308 bytes in 1 blocks
==28624==    indirectly lost: 1,601 bytes in 19 blocks
==28624==      possibly lost: 35,708 bytes in 109 blocks
==28624==    still reachable: 141,814 bytes in 824 blocks
==28624==         suppressed: 0 bytes in 0 blocks
==28624== Rerun with --leak-check=full to see details of leaked memory
==28624== 
==28624== For counts of detected and suppressed errors, rerun with: -v
==28624== ERROR SUMMARY: 38 errors from 14 contexts (suppressed: 0 from 0)
root at testpdc:/usr/src/samba/samba-master#

Volker Lendecke

2016-Mar-06 14:12 UTC

head link

[Samba] Segmentation Fault when trying to set root samba password, IPA as a backend

On Fri, Mar 04, 2016 at 04:16:44PM +0000, Rowland penny
wrote:> On 04/03/16 09:58, Volker Lendecke wrote:
> >On Fri, Mar 04, 2016 at 10:53:17AM +0100, Volker Lendecke wrote:
> >>On Wed, Mar 02, 2016 at 09:23:34AM +0000, Rowland penny wrote:
> >>>OK, here is the output:
> >>Can you try the attached (UNTESTED!) patch?
> >>
> >>Thanks,
> >Gna, should have at least compiled it....
> >
> >New patch :-)
> >
> >Volker
> >
> 
> Sorry Volker, it didn't work :-(
> 
> It still segfaults and valgrind now shows more errors, see attached files
Hmm. Looked pretty closely, but I don't see how this can happen, and
I am out of the openldap config business long enough that I don't get
this set up quickly.

Can you run that under gdb? Set a breakpoint for
smbldap_talloc_autofree_ldapmod with

break smbldap_talloc_autofree_ldapmod
run -a ldap05

and when it hits the breakpoint, can you send me the output
of "bt full"?

Thanks,

Volker

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de

Reasonably Related Threads

Search for more possibly parallel threads

samba - Mar 2016 - Segmentation Fault when trying to set root samba password, IPA as a backend

[Samba] Segmentation Fault when trying to set root samba password, IPA as a backend

[Samba] Segmentation Fault when trying to set root samba password, IPA as a backend

[Samba] Segmentation Fault when trying to set root samba password, IPA as a backend

Reasonably Related Threads