The branch, master has been updated
       via  c5a1c8d45b9 s4:dsdb: Fix stack use after scope in 
gkdi_create_root_key()
      from  6bf51860a00 smbd: Remove unused [push_pull]_file_id_24

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit c5a1c8d45b9e87ff4ab9785fe50b6efc8ffa396c
Author: Andreas Schneider <a...@samba.org>
Date:   Tue Apr 30 09:16:40 2024 +0200

    s4:dsdb: Fix stack use after scope in gkdi_create_root_key()
    
    ==20978==ERROR: AddressSanitizer: stack-use-after-scope on address 
0x7f4f91ff51a0 at pc 0x7f4f94cf93d6 bp 0x7ffdb90fc510 sp 0x7ffdb90fbcd0
    READ of size 64 at 0x7f4f91ff51a0 thread T0
        #0 0x7f4f94cf93d5 in memcpy 
../../../../libsanitizer/sanitizer_common/sanitizer_common_interceptors_memintrinsics.inc:115
        #1 0x7f4f933bdb67 in ldb_val_dup ../../lib/ldb/common/ldb_msg.c:325
        #2 0x7f4f933c11d1 in ldb_msg_copy ../../lib/ldb/common/ldb_msg.c:1182
        #3 0x7f4f933c13d2 in ldb_msg_normalize 
../../lib/ldb/common/ldb_msg.c:1235
        #4 0x7f4f933ab556 in ldb_request ../../lib/ldb/common/ldb.c:1196
        #5 0x7f4f8e82b1d4 in dsdb_autotransaction_request 
../../source4/dsdb/common/util.c:1220
        #6 0x7f4f8e831c8a in dsdb_add ../../source4/dsdb/common/util.c:5354
        #7 0x7f4f8e853a01 in gkdi_create_root_key 
../../source4/dsdb/gmsa/gkdi.c:493
        #8 0x7f4f8e853a01 in gkdi_new_root_key 
../../source4/dsdb/gmsa/gkdi.c:551
        #9 0x7f4f8cd4ca52 in py_dsdb_create_gkdi_root_key 
../../source4/dsdb/pydsdb.c:1388
        #10 0x7f4f947ce01c  (/lib64/libpython3.11.so.1.0+0x1ce01c) (BuildId: 
170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
        #11 0x7f4f947de4c0 in _PyObject_Call 
(/lib64/libpython3.11.so.1.0+0x1de4c0) (BuildId: 
170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
        #12 0x7f4f947be6ca in _PyEval_EvalFrameDefault 
(/lib64/libpython3.11.so.1.0+0x1be6ca) (BuildId: 
170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
        #13 0x7f4f947b6e79  (/lib64/libpython3.11.so.1.0+0x1b6e79) (BuildId: 
170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
        #14 0x7f4f947de5d8  (/lib64/libpython3.11.so.1.0+0x1de5d8) (BuildId: 
170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
        #15 0x7f4f947be6ca in _PyEval_EvalFrameDefault 
(/lib64/libpython3.11.so.1.0+0x1be6ca) (BuildId: 
170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
        #16 0x7f4f947b6e79  (/lib64/libpython3.11.so.1.0+0x1b6e79) (BuildId: 
170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
        #17 0x7f4f947edabb  (/lib64/libpython3.11.so.1.0+0x1edabb) (BuildId: 
170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
        #18 0x7f4f947de5d8  (/lib64/libpython3.11.so.1.0+0x1de5d8) (BuildId: 
170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
        #19 0x7f4f947be6ca in _PyEval_EvalFrameDefault 
(/lib64/libpython3.11.so.1.0+0x1be6ca) (BuildId: 
170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
        #20 0x7f4f947b6e79  (/lib64/libpython3.11.so.1.0+0x1b6e79) (BuildId: 
170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
        #21 0x7f4f947ed9fb  (/lib64/libpython3.11.so.1.0+0x1ed9fb) (BuildId: 
170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
        #22 0x7f4f947be6ca in _PyEval_EvalFrameDefault 
(/lib64/libpython3.11.so.1.0+0x1be6ca) (BuildId: 
170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
        #23 0x7f4f947b6e79  (/lib64/libpython3.11.so.1.0+0x1b6e79) (BuildId: 
170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
        #24 0x7f4f947be6ca in _PyEval_EvalFrameDefault 
(/lib64/libpython3.11.so.1.0+0x1be6ca) (BuildId: 
170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
        #25 0x7f4f947b6e79  (/lib64/libpython3.11.so.1.0+0x1b6e79) (BuildId: 
170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
        #26 0x7f4f94839997 in PyEval_EvalCode 
(/lib64/libpython3.11.so.1.0+0x239997) (BuildId: 
170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
        #27 0x7f4f94856862  (/lib64/libpython3.11.so.1.0+0x256862) (BuildId: 
170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
        #28 0x7f4f94852e59  (/lib64/libpython3.11.so.1.0+0x252e59) (BuildId: 
170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
        #29 0x7f4f94868fb1  (/lib64/libpython3.11.so.1.0+0x268fb1) (BuildId: 
170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
        #30 0x7f4f948687a3 in _PyRun_SimpleFileObject 
(/lib64/libpython3.11.so.1.0+0x2687a3) (BuildId: 
170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
        #31 0x7f4f94868453 in _PyRun_AnyFileObject 
(/lib64/libpython3.11.so.1.0+0x268453) (BuildId: 
170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
        #32 0x7f4f94861c53 in Py_RunMain (/lib64/libpython3.11.so.1.0+0x261c53) 
(BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
        #33 0x7f4f94829996 in Py_BytesMain 
(/lib64/libpython3.11.so.1.0+0x229996) (BuildId: 
170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
        #34 0x7f4f9422a1ef in __libc_start_call_main 
../sysdeps/nptl/libc_start_call_main.h:58
        #35 0x7f4f9422a2b8 in __libc_start_main_impl ../csu/libc-start.c:360
        #36 0x5604497e3084 in _start (/usr/bin/python3.11+0x1084) (BuildId: 
f5d6e3bdbf9098a6ddde0b7f2e07ffc9ad1b1dc3)
    
    Address 0x7f4f91ff51a0 is located in stack of thread T0 at offset 416 in 
frame
        #0 0x7f4f8e852b37 in gkdi_new_root_key 
../../source4/dsdb/gmsa/gkdi.c:537
    
      This frame has 12 object(s):
        [32, 40) 'root_key_dn' (line 539)
        [64, 72) 'res' (line 540)
        [96, 104) 'server_config_res' (line 118)
        [128, 136) 'kdf_algorithm' (line 128)
        [160, 168) 'domain_dn' (line 388)
        [192, 208) 'kdf_parameters_blob' (line 129)
        [224, 240) 'root_key_data_blob' (line 353)
        [256, 272) 'guid_blob' (line 467)
        [288, 312) 'kdf_parameters' (line 226)
        [352, 368) 'root_key_id' (line 116)
        [384, 400) 'guid_buf' (line 466)
        [416, 480) 'root_key_data' (line 352) <== Memory access at offset 416 
is inside this variable
    
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Joseph Sutton <jsut...@samba.org>
    
    Autobuild-User(master): Andreas Schneider <a...@cryptomilk.org>
    Autobuild-Date(master): Fri May  3 12:20:55 UTC 2024 on atb-devel-224

-----------------------------------------------------------------------

Summary of changes:
 source4/dsdb/gmsa/gkdi.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


Changeset truncated at 500 lines:

diff --git a/source4/dsdb/gmsa/gkdi.c b/source4/dsdb/gmsa/gkdi.c
index 5aa675b67f3..7acc1b4996e 100644
--- a/source4/dsdb/gmsa/gkdi.c
+++ b/source4/dsdb/gmsa/gkdi.c
@@ -128,6 +128,7 @@ static int gkdi_create_root_key(TALLOC_CTX *mem_ctx,
        struct KdfAlgorithm kdf_algorithm;
        DATA_BLOB kdf_parameters_blob = data_blob_null;
        struct ldb_message *add_msg = NULL;
+       uint8_t root_key_data[GKDI_KEY_LEN];
        NTSTATUS status = NT_STATUS_OK;
        int ret = LDB_SUCCESS;
 
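Review bot: The new function-scope declaration of `root_key_data` carries no comment saying why it cannot live in the later block, so a future tidy-up could move it back and reintroduce the stack-use-after-scope shown in the commit message. Per that trace the buffer is still read when `dsdb_add()` copies the message (frame #7, gkdi.c:493), after the block that used to declare it has closed. A comment above the declaration would record this, for example `/* Referenced by add_msg until dsdb_add() returns; must outlive the block that fills it. */`. Because the array presumably holds GKDI root key material and now stays live until the function returns, it is also worth confirming that the exit path wipes it, e.g. `ZERO_ARRAY(root_key_data);` before returning, if it does not already. The body of gkdi_create_root_key() starts and ends outside this hunk, so both points need checking against the full function.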
@@ -349,7 +350,6 @@ static int gkdi_create_root_key(TALLOC_CTX *mem_ctx,
        }
 
        {
-               uint8_t root_key_data[GKDI_KEY_LEN];
                const DATA_BLOB root_key_data_blob = {
                        .data = root_key_data, .length = sizeof root_key_data};
 


-- 
Samba Shared Repository
