ehlo,
Use after free can happed if there are two domains and user is not found in the first one.
LS
On (12/08/15 14:17), Jakub Hrozek wrote:
On Mon, Aug 10, 2015 at 06:38:29AM +0200, Lukas Slebodnik wrote:
ehlo,
Use after free can happed if there are two domains and user is not found in the first one.
LS
Would it be possible to write a testcase in the NSS responder test?
It requires multi domain setup. So I created different test. My intention was to cover most test cases and not just initgroups, But attached ins a POC patch which prove there is a use after free. make check passes; you need to test with valgrind. libtool --mode=execute valgrind -v ./nss-srv-multi-tests
Would you prefer to use current version of patch and add othter test cases later? (it will take some time) or current version is enought for fix?
LS
On Thu, Aug 13, 2015 at 07:41:02AM +0200, Lukas Slebodnik wrote:
On (12/08/15 14:17), Jakub Hrozek wrote:
On Mon, Aug 10, 2015 at 06:38:29AM +0200, Lukas Slebodnik wrote:
ehlo,
Use after free can happed if there are two domains and user is not found in the first one.
LS
Would it be possible to write a testcase in the NSS responder test?
It requires multi domain setup. So I created different test. My intention was to cover most test cases and not just initgroups, But attached ins a POC patch which prove there is a use after free. make check passes; you need to test with valgrind. libtool --mode=execute valgrind -v ./nss-srv-multi-tests
Would you prefer to use current version of patch and add othter test cases later? (it will take some time) or current version is enought for fix?
Ideally I think we should have only one NSS responder test, otherwise we would end up adding some testcases to one test and not the other...but I haven't tried, so I don't know how easy or hard that is.
ACK to your crash patch, I'll push it and apply to downstream.
On Wed, Aug 19, 2015 at 11:15:16PM +0200, Jakub Hrozek wrote:
On Thu, Aug 13, 2015 at 07:41:02AM +0200, Lukas Slebodnik wrote:
On (12/08/15 14:17), Jakub Hrozek wrote:
On Mon, Aug 10, 2015 at 06:38:29AM +0200, Lukas Slebodnik wrote:
ehlo,
Use after free can happed if there are two domains and user is not found in the first one.
LS
Would it be possible to write a testcase in the NSS responder test?
It requires multi domain setup. So I created different test. My intention was to cover most test cases and not just initgroups, But attached ins a POC patch which prove there is a use after free. make check passes; you need to test with valgrind. libtool --mode=execute valgrind -v ./nss-srv-multi-tests
Would you prefer to use current version of patch and add othter test cases later? (it will take some time) or current version is enought for fix?
Ideally I think we should have only one NSS responder test, otherwise we would end up adding some testcases to one test and not the other...but I haven't tried, so I don't know how easy or hard that is.
ACK to your crash patch, I'll push it and apply to downstream.
Sorry, I forgot to send push-mail: b9901fe3d6cfe05cd75a2440c0f9c7985aea36c6
sssd-devel@lists.fedorahosted.org