#2284 Valgrind: Invalid read of int while processing netgroup
Closed: Fixed None Opened 10 years ago by lslebodn.

The function sysdb_attrs_get_el_ext uses talloc_realloc. Realloc can return memory which does not have the same base address as the argument ptr. The old pointer can refer to the wrong area. It can cause a crash which could be difficult to reproduce.

==24061== Invalid read of size 4
==24061==    at 0x131B0B49: ipa_get_netgroups_process (ipa_netgroups.c:374)
==24061==    by 0x145B1162: sdap_get_generic_ext_done (sdap_async.c:1463)
==24061==    by 0x145B075F: sdap_process_result (sdap_async.c:356)
==24061==    by 0x4C2FFBE: tevent_common_loop_timer_delay (tevent_timed.c:341)
==24061==    by 0x4C30FC9: epoll_event_loop_once (tevent_epoll.c:912)
==24061==    by 0x4C2F6B6: std_event_loop_once (tevent_standard.c:112)
==24061==    by 0x4C2BF2C: _tevent_loop_once (tevent.c:530)
==24061==    by 0x4C2C0CA: tevent_common_loop_wait (tevent.c:634)
==24061==    by 0x4C2F656: std_event_loop_wait (tevent_standard.c:138)
==24061==    by 0x805DEC2: server_loop (server.c:587)
==24061==    by 0x10E452: main (data_provider_be.c:2817)
==24061==  Address 0x17c5bd10 is 272 bytes inside a block of size 288 free'd
==24061==    at 0x4A083AA: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==24061==    by 0x4E3F20D: _talloc_realloc (talloc.c:1803)
==24061==    by 0x804150E: sysdb_attrs_get_el_ext (sysdb.c:317)
==24061==    by 0x131B0AD0: ipa_get_netgroups_process (ipa_netgroups.c:355)
==24061==    by 0x145B1162: sdap_get_generic_ext_done (sdap_async.c:1463)
==24061==    by 0x145B075F: sdap_process_result (sdap_async.c:356)
==24061==    by 0x4C2FFBE: tevent_common_loop_timer_delay (tevent_timed.c:341)
==24061==    by 0x4C30FC9: epoll_event_loop_once (tevent_epoll.c:912)
==24061==    by 0x4C2F6B6: std_event_loop_once (tevent_standard.c:112)
==24061==    by 0x4C2BF2C: _tevent_loop_once (tevent.c:530)
==24061==    by 0x4C2C0CA: tevent_common_loop_wait (tevent.c:634)
==24061==    by 0x4C2F656: std_event_loop_wait (tevent_standard.c:138)
==24061== 
==24061== Invalid read of size 4
==24061==    at 0x131B0B64: ipa_get_netgroups_process (ipa_netgroups.c:375)
==24061==    by 0x145B1162: sdap_get_generic_ext_done (sdap_async.c:1463)
==24061==    by 0x145B075F: sdap_process_result (sdap_async.c:356)
==24061==    by 0x4C2FFBE: tevent_common_loop_timer_delay (tevent_timed.c:341)
==24061==    by 0x4C30FC9: epoll_event_loop_once (tevent_epoll.c:912)
==24061==    by 0x4C2F6B6: std_event_loop_once (tevent_standard.c:112)
==24061==    by 0x4C2BF2C: _tevent_loop_once (tevent.c:530)
==24061==    by 0x4C2C0CA: tevent_common_loop_wait (tevent.c:634)
==24061==    by 0x4C2F656: std_event_loop_wait (tevent_standard.c:138)
==24061==    by 0x805DEC2: server_loop (server.c:587)
==24061==    by 0x10E452: main (data_provider_be.c:2817)
==24061==  Address 0x17c5bcb0 is 176 bytes inside a block of size 288 free'd
==24061==    at 0x4A083AA: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==24061==    by 0x4E3F20D: _talloc_realloc (talloc.c:1803)
==24061==    by 0x804150E: sysdb_attrs_get_el_ext (sysdb.c:317)
==24061==    by 0x131B0AD0: ipa_get_netgroups_process (ipa_netgroups.c:355)
==24061==    by 0x145B1162: sdap_get_generic_ext_done (sdap_async.c:1463)
==24061==    by 0x145B075F: sdap_process_result (sdap_async.c:356)
==24061==    by 0x4C2FFBE: tevent_common_loop_timer_delay (tevent_timed.c:341)
==24061==    by 0x4C30FC9: epoll_event_loop_once (tevent_epoll.c:912)
==24061==    by 0x4C2F6B6: std_event_loop_once (tevent_standard.c:112)
==24061==    by 0x4C2BF2C: _tevent_loop_once (tevent.c:530)
==24061==    by 0x4C2C0CA: tevent_common_loop_wait (tevent.c:634)
==24061==    by 0x4C2F656: std_event_loop_wait (tevent_standard.c:138)
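
The hazard in this report, reduced to plain C as an added example (not SSSD's code and not the fix that was applied): a lookup-or-append helper that reallocs its array invalidates pointers returned by earlier calls, which is what the trace shows between ipa_netgroups.c:355 and :374. The struct and function names are hypothetical stand-ins, `realloc` is used in place of `talloc_realloc`, and the attribute names are constructed sample data.

```c
#include <stdlib.h>
#include <string.h>
/* Simplified stand-ins, not SSSD's types; names and sample data are made up. */
struct attr_el { const char *name; int num_values; };
struct attrs { struct attr_el *a; size_t num; };

/* Return the element called `name`, appending it when missing. Appending
 * reallocs attrs->a, so pointers from earlier calls may now be dangling. */
struct attr_el *attrs_get_el(struct attrs *attrs, const char *name)
{
    for (size_t i = 0; i < attrs->num; i++)
        if (strcmp(attrs->a[i].name, name) == 0)
            return &attrs->a[i];

    struct attr_el *tmp = realloc(attrs->a, (attrs->num + 1) * sizeof(*tmp));
    if (tmp == NULL)
        return NULL; /* on failure the old array is left untouched */
    attrs->a = tmp;
    tmp[attrs->num] = (struct attr_el){ .name = name, .num_values = 0 };
    return &tmp[attrs->num++];
}

/* Unsafe order: el1 = attrs_get_el(attrs, "member");
 *               el2 = attrs_get_el(attrs, "memberUser");  (may move array)
 *               n = el1->num_values;                      (stale read) */

/* Safe order: create every element first, then fetch pointers. A lookup of
 * an existing name never reallocs, so nothing moves during the second pass. */
int count_values(struct attrs *attrs, const char *const *names, size_t n)
{
    int total = 0;
    for (size_t i = 0; i < n; i++)
        if (attrs_get_el(attrs, names[i]) == NULL)
            return -1;
    for (size_t i = 0; i < n; i++)
        total += attrs_get_el(attrs, names[i])->num_values;
    return total;
}

int main(void)
{
    const char *const names[] = { "member", "memberUser", "memberHost" };
    struct attrs a = { NULL, 0 };
    if (count_values(&a, names, 3) != 0)
        return 1;
    attrs_get_el(&a, "member")->num_values = 3; /* exists, cannot fail */
    int total = count_values(&a, names, 3);
    free(a.a);
    return total == 3 ? 0 : 1;
}
```

Storing the element's index instead of its address is an equivalent way to survive the reallocation.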

Fields changed

owner: somebody => mzidek

Fields changed

summary: Valgring: Invalid read of int while processing netgroup => Valgrind: Invalid read of int while processing netgroup

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.11.5
priority: major => blocker

Fields changed

owner: mzidek => lslebodn
patch: 0 => 1

resolution: => fixed
status: new => closed

Metadata Update from @lslebodn:
- Issue assigned to lslebodn
- Issue set to the milestone: SSSD 1.11.5

7 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3326

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.
