---------- Forwarded message ---------
From: dmitry.sensei <[email protected]>
Date: Fri, 4 Oct 2019 at 15:56
Subject: Re: Fwd: OpenBSD 6.6 snapshot and samba's net utility
To: Stuart Henderson <[email protected]>


ORLOV-NB# egdb /usr/local/bin/net

GNU gdb (GDB) 7.12.1
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-unknown-openbsd6.6".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/local/bin/net...(no debugging symbols found)...done.
(gdb) set args ads testjoin
(gdb) run
Starting program: /usr/local/bin/net ads testjoin
net(12241) in free(): bogus pointer (double free?) 0xffffffffffffffff

Program received signal SIGABRT, Aborted.
thrkill () at -:3
3       -: No such file or directory.
(gdb) bt full
#0  thrkill () at -:3
No locals.
#1  0x0000039c9afc48ee in _libc_abort () at /usr/src/lib/libc/stdlib/abort.c:51
        mask = 4294967263
        sa = <optimized out>
#2  0x0000039c9afba046 in wrterror (d=0x39d413b2a20, msg=0x39c9af5497c "bogus pointer (double free?) %p")
    at /usr/src/lib/libc/stdlib/malloc.c:300
        ap = {{gp_offset = 24, fp_offset = 48, overflow_arg_area = 0x7f7ffffe2bc0, reg_save_area = 0x7f7ffffe2ac0}}
        saved_errno = 0
#3  0x0000039c9afbd229 in findpool (p=0xffffffffffffffff, argpool=<optimized out>, foundpool=0x7f7ffffe2c40,
    saved_function=0x7f7ffffe2c48) at /usr/src/lib/libc/stdlib/malloc.c:1355
        nmutexes = <optimized out>
        i = <optimized out>
        pool = <optimized out>
        r = <optimized out>
#4  0x0000039c9afba35a in ofree (argpool=0x7f7ffffe2ca0, p=0xffffffffffffffff, clear=0, check=0, argsz=0)
    at /usr/src/lib/libc/stdlib/malloc.c:1369
        pool = 0x7f7ffffe2cf0
        saved_function = 0x39ce9252355 <ber_get_next+1333> "H\205\300\017\216\250"
        r = <optimized out>
        sz = <optimized out>
#5  0x0000039c9afba290 in free (ptr=0xffffffffffffffff) at /usr/src/lib/libc/stdlib/malloc.c:1488
        saved_errno = 0
        d = 0x39d413b2a20
#6  0x0000039d60224933 in ldap_free_request_int () from /usr/local/lib/libldap.so.13.1
No symbol table info available.
#7  0x0000039d60210384 in ldap_result () from /usr/local/lib/libldap.so.13.1
No symbol table info available.
#8  0x0000039d6021254a in ldap_pvt_search_s () from /usr/local/lib/libldap.so.13.1
No symbol table info available.
#9  0x0000039d60212495 in ldap_search_ext_s () from /usr/local/lib/libldap.so.13.1
No symbol table info available.
#10 0x0000039cd4a6e9d8 in ldap_search_with_timeout () from /usr/local/lib/samba/libads-samba4.so
No symbol table info available.
#11 0x0000039cd4a6e83b in ads_do_search () from /usr/local/lib/samba/libads-samba4.so
No symbol table info available.
#12 0x0000039cd4a6d631 in ads_current_time () from /usr/local/lib/samba/libads-samba4.so
No symbol table info available.
#13 0x0000039cd4a6cc9b in ads_connect () from /usr/local/lib/samba/libads-samba4.so
---Type <return> to continue, or q <return> to quit---
No symbol table info available.
#14 0x0000039a75eef094 in ads_startup_int ()
No symbol table info available.
#15 0x0000039a75ef0543 in net_ads_testjoin ()
No symbol table info available.
#16 0x0000039a75ef1acc in net_ads ()
No symbol table info available.
#17 0x0000039a75eedbc4 in main ()
No symbol table info available.
(gdb)

Fri, 4 Oct 2019 at 15:53, dmitry.sensei <[email protected]>:

> What is "bt full"?
>
> Fri, 4 Oct 2019 at 15:49, Stuart Henderson <[email protected]>:
>
>> [trimmed CC list - please don't copy both misc@ and ports@]
>>
>> Like I mentioned in my first mail:
>>
>> bt full
>>
>>
>>
>> On 2019/10/04 14:48, dmitry.sensei wrote:
>> > ORLOV-NB# egdb /usr/local/bin/net
>> > GNU gdb (GDB) 7.12.1
>> > Copyright (C) 2017 Free Software Foundation, Inc.
>> > License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
>> > This is free software: you are free to change and redistribute it.
>> > There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
>> > and "show warranty" for details.
>> > This GDB was configured as "x86_64-unknown-openbsd6.6".
>> > Type "show configuration" for configuration details.
>> > For bug reporting instructions, please see:
>> > <http://www.gnu.org/software/gdb/bugs/>.
>> > Find the GDB manual and other documentation resources online at:
>> > <http://www.gnu.org/software/gdb/documentation/>.
>> > For help, type "help".
>> > Type "apropos word" to search for commands related to "word"...
>> > Reading symbols from /usr/local/bin/net...(no debugging symbols found)...done.
>> > (gdb) set args ads testjoin
>> > (gdb) run
>> > Starting program: /usr/local/bin/net ads testjoin
>> > net(20104) in free(): bogus pointer (double free?) 0xffffffffffffffff
>> >
>> > Program received signal SIGABRT, Aborted.
>> > thrkill () at -:3
>> > 3       -: No such file or directory.
>> > (gdb)
>> >
>> > Fri, 4 Oct 2019 at 14:31, Stuart Henderson <[email protected]>:
>> >
>> >     On 2019/10/04 14:25, dmitry.sensei wrote:
>> >     > How to debug net with parameters?
>> >     >
>> >     > Fri, 4 Oct 2019 at 13:49, Stuart Henderson <[email protected]>:
>> >     >
>> >     >     On 2019/10/04 08:32, Sebastien Marie wrote:
>> >     >     > On Fri, Oct 04, 2019 at 09:24:12AM +0500, dmitry.sensei wrote:
>> >     >     > > Bugged net utility from samba package.
>> >     >     > > ktrace is attached
>> >     >     >
>> >     >     > PLEASE DON'T SEND RAW KTRACE DATA! (it would be the same for a core file too).
>> >     >     >
>> >     >     > In case you don't figure, you send to everyone a trace of all syscalls with
>> >     >     > arguments and return of what the program did, including:
>> >     >     >
>> >     >     > - file description and content for any opened file (hello
>> >     >     >   /var/samba/private/secrets.tdb and /etc/samba/smb.conf)
>> >     >     > - all network communication with the program (hello ldap, kerberos and smb
>> >     >     >   services)
>> >     >     >
>> >     >     > It means that any secrets in a read file or sent/received on the network should
>> >     >     > be considered compromised.
>> >     >     >
>> >     >     > Just don't do that.
>> >     >     >
>> >     >     > Thanks.
>> >     >     > --
>> >     >     > Sebastien Marie
>> >     >     >
>> >     >
>> >     >     Plus, it's not really useful anyway. A backtrace would be the normal
>> >     >     starting point for a segfault. (In case "gdb" in base doesn't work,
>> >     >     pkg_add gdb and use "egdb" instead).
>> >     >
>> >     >     egdb `which net` net.core
>> >     >     bt full
>> >     >
>> >     >
>> >     >
>> >     >
>> >     > --
>> >     > Dmitry Orlov
>> >
>> >     The command I showed is to look at the coredump from your previous crash which
>> >     already happened with parameters.
>> >
>> >     If you need to run it "live" in gdb then omit "net.core" from the command line
>> >     and use "set args <whatever>" and "run".
>> >
>> >
>> >
>> >
>> > --
>> > Dmitry Orlov
>>
>
>
> --
> Dmitry Orlov
>


-- 
Dmitry Orlov
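
The quoted warning about raw ktrace data can be checked before anything is attached to a list mail. The script below is an added example, not part of the thread or of any project's tooling: it reads kdump(1) text output and reports which paths the traced process named and how many payload bytes were captured. The sample lines are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: summarise what a kdump(1) text dump of a ktrace would disclose.

# Constructed sample in the style of kdump output (not taken from the thread).
sample_kdump() {
cat <<'EOF'
 12241 net      CALL  open(0x39d4,0<O_RDONLY>)
 12241 net      NAMI  "/etc/samba/smb.conf"
 12241 net      RET   open 3
 12241 net      GIO   fd 3 read 64 bytes
       "[global]\n\trealm = EXAMPLE.TEST\n"
 12241 net      NAMI  "/var/samba/private/secrets.tdb"
 12241 net      RET   open 4
 12241 net      GIO   fd 4 read 32 bytes
       "SECRETS/MACHINE_PASSWORD/EXAMPLE"
 12241 net      GIO   fd 5 wrote 24 bytes
       "0\026\002\001\001\021"
EOF
}

# Distinct paths the traced process named (NAMI records), one per line.
ktrace_paths() {
    awk '$3 == "NAMI" { sub(/^.*NAMI +"/, ""); sub(/"$/, ""); print }' | sort -u
}

# Total payload bytes captured in GIO records (file and socket contents).
ktrace_io_bytes() {
    awk '$3 == "GIO" && $NF == "bytes" { n += $(NF - 1) } END { print n + 0 }'
}

# Paths under the directories the thread calls out as holding secrets.
ktrace_sensitive_paths() {
    ktrace_paths | grep -E '^(/var/samba/private/|/etc/samba/)' || true
}

echo "paths named:"; sample_kdump | ktrace_paths
echo "payload bytes captured: $(sample_kdump | ktrace_io_bytes)"
```

On a real trace, pipe `kdump -f ktrace.out` into the same functions instead of `sample_kdump`.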


-- 
Dmitry Orlov

Reply via email to