ehlo,
The intention of ticket @2284 was to refactor the function sysdb_attrs_get_el. This would be a big change and it would not be easy to backport the patch to the branch sssd-1-11. The attached patch fixes the problem in a simple way and the patch can be easily applied on top of branch sssd-1-11.
Function sysdb_attrs_get_el can enlarge the array of ldb_message_element in "struct sysdb_attrs" if the attribute is not among the available attributes. The array will be enlarged with the function talloc_realloc, but realloc can move the array to another place in memory; therefore an ldb_message_element should not be used after the next call of function sysdb_attrs_get_el.
    sysdb_attrs_get_el(netgroup, SYSDB_ORIG_MEMBER_USER, &user_found);
    sysdb_attrs_get_el(netgroup, SYSDB_ORIG_MEMBER_HOST, &host_found);
With netgroups, it is common to omit the user or host from a netgroup triple. There is a very high probability that realloc will be called. It is possible that the pointer user_found can refer to the old area after the second call of function sysdb_attrs_get_el.
Resolves: https://fedorahosted.org/sssd/ticket/2284
How to test?
    sh-4.2$ getent netgroup netgroup_user1 netgroup_user2 (-,usersssd01,example.com)
and run backend with valgrind
Result:
--without patch: there are errors like in description of ticket https://fedorahosted.org/sssd/ticket/2284
--with patch: errors are gone
LS
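The hazard described in the message above, reduced to a stand-alone C sketch (an added example, not the attached patch and not SSSD code). The names struct el, struct attrs and attrs_get_el are hypothetical stand-ins for ldb_message_element, struct sysdb_attrs and sysdb_attrs_get_el. The array is grown with malloc/copy/free so that it moves on every growth, whereas talloc_realloc only may move it; re-fetching after the last growing lookup is one way to keep pointers valid, not necessarily what the patch does.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical miniature of a growable element array; not SSSD's own types. */
struct el { const char *name; int num_values; };
struct attrs { struct el *a; size_t num; };

/* Find the element called name; if absent, grow the array and append it. */
static int attrs_get_el(struct attrs *at, const char *name, struct el **out)
{
    for (size_t i = 0; i < at->num; i++) {
        if (strcmp(at->a[i].name, name) == 0) { *out = &at->a[i]; return 0; }
    }
    /* Growth always moves the block here, so the hazard is deterministic. */
    struct el *n = malloc((at->num + 1) * sizeof(*n));
    if (n == NULL) return -1;
    if (at->num > 0) memcpy(n, at->a, at->num * sizeof(*n));
    free(at->a);
    at->a = n;
    n[at->num] = (struct el){ name, 0 };
    *out = &n[at->num++];
    return 0;
}

/* Hazard: 1 if the address from the first lookup is outside the live array. */
int first_pointer_is_stale(void)
{
    struct attrs at = { NULL, 0 };
    struct el *user = NULL, *host = NULL;
    if (attrs_get_el(&at, "user", &user) != 0) return -1;
    uintptr_t saved = (uintptr_t)user;   /* keep the address only, never deref */
    if (attrs_get_el(&at, "host", &host) != 0) { free(at.a); return -1; }
    uintptr_t lo = (uintptr_t)at.a, hi = (uintptr_t)(at.a + at.num);
    free(at.a);
    return saved < lo || saved >= hi;
}

/* Safe order: finish every lookup that can grow the array, then re-fetch. */
int refetched_pointers_are_live(void)
{
    struct attrs at = { NULL, 0 };
    struct el *user = NULL, *host = NULL;
    int rc = attrs_get_el(&at, "user", &user);
    if (rc == 0) rc = attrs_get_el(&at, "host", &host);  /* may move the array */
    if (rc == 0) rc = attrs_get_el(&at, "user", &user);  /* re-fetch, no growth */
    int live = rc == 0 && user == &at.a[0] && host == &at.a[1];
    free(at.a);
    return live;
}
```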
On Wed, Mar 26, 2014 at 12:37:01PM +0100, Lukas Slebodnik wrote:
> ehlo,
> The intention of ticket @2284 was to refactor the function sysdb_attrs_get_el. This would be a big change and it would not be easy to backport the patch to the branch sssd-1-11. The attached patch fixes the problem in a simple way and the patch can be easily applied on top of branch sssd-1-11.
> Function sysdb_attrs_get_el can enlarge the array of ldb_message_element in "struct sysdb_attrs" if the attribute is not among the available attributes. The array will be enlarged with the function talloc_realloc, but realloc can move the array to another place in memory; therefore an ldb_message_element should not be used after the next call of function sysdb_attrs_get_el.
>     sysdb_attrs_get_el(netgroup, SYSDB_ORIG_MEMBER_USER, &user_found);
>     sysdb_attrs_get_el(netgroup, SYSDB_ORIG_MEMBER_HOST, &host_found);
> With netgroups, it is common to omit the user or host from a netgroup triple. There is a very high probability that realloc will be called. It is possible that the pointer user_found can refer to the old area after the second call of function sysdb_attrs_get_el.
> Resolves: https://fedorahosted.org/sssd/ticket/2284
> How to test?
>     sh-4.2$ getent netgroup netgroup_user1 netgroup_user2 (-,usersssd01,example.com)
> and run backend with valgrind
> Result:
> --without patch: there are errors like in description of ticket https://fedorahosted.org/sssd/ticket/2284
> --with patch: errors are gone
> LS
Patch looks good and passes my tests, ACK. Pavel gave his ACK on irc as well.
bye, Sumit
On Wed, Mar 26, 2014 at 02:43:14PM +0100, Sumit Bose wrote:
> On Wed, Mar 26, 2014 at 12:37:01PM +0100, Lukas Slebodnik wrote:
> > ehlo,
> > The intention of ticket @2284 was to refactor the function sysdb_attrs_get_el. This would be a big change and it would not be easy to backport the patch to the branch sssd-1-11. The attached patch fixes the problem in a simple way and the patch can be easily applied on top of branch sssd-1-11.
> > Function sysdb_attrs_get_el can enlarge the array of ldb_message_element in "struct sysdb_attrs" if the attribute is not among the available attributes. The array will be enlarged with the function talloc_realloc, but realloc can move the array to another place in memory; therefore an ldb_message_element should not be used after the next call of function sysdb_attrs_get_el.
> >     sysdb_attrs_get_el(netgroup, SYSDB_ORIG_MEMBER_USER, &user_found);
> >     sysdb_attrs_get_el(netgroup, SYSDB_ORIG_MEMBER_HOST, &host_found);
> > With netgroups, it is common to omit the user or host from a netgroup triple. There is a very high probability that realloc will be called. It is possible that the pointer user_found can refer to the old area after the second call of function sysdb_attrs_get_el.
> > Resolves: https://fedorahosted.org/sssd/ticket/2284
> > How to test?
> >     sh-4.2$ getent netgroup netgroup_user1 netgroup_user2 (-,usersssd01,example.com)
> > and run backend with valgrind
> > Result:
> > --without patch: there are errors like in description of ticket https://fedorahosted.org/sssd/ticket/2284
> > --with patch: errors are gone
> > LS
> Patch looks good and passes my tests, ACK. Pavel gave his ACK on irc as well.
> bye, Sumit
Pushed to master and sssd-1-11
sssd-devel@lists.fedorahosted.org