Issue #2573: Use after free in proxy provider. - sssd

SSSD / sssd

#2573 Use after free in proxy provider.

Closed: Fixed None Opened 9 years ago by lslebodn.

Valgrind output:

    ==32479== Invalid read of size 8
    ==32479==    at 0x131F275F: client_registration (proxy_init.c:474)
    ==32479==    by 0x529709E: sbus_request_invoke_or_finish (sssd_dbus_request.c:69)
    ==32479==    by 0x52949B3: sbus_handler_got_caller_id (sssd_dbus_connection.c:555)
    ==32479==    by 0x89B27E3: tevent_common_loop_immediate (tevent_immediate.c:135)
    ==32479==    by 0x89B70CD: epoll_event_loop_once (tevent_epoll.c:907)
    ==32479==    by 0x89B57D6: std_event_loop_once (tevent_standard.c:114)
    ==32479==    by 0x89B1FBC: _tevent_loop_once (tevent.c:530)
    ==32479==    by 0x89B215A: tevent_common_loop_wait (tevent.c:634)
    ==32479==    by 0x89B5776: std_event_loop_wait (tevent_standard.c:140)
    ==32479==    by 0x529E255: server_loop (server.c:668)
    ==32479==    by 0x40DBC5: main (data_provider_be.c:2915)
    ==32479==  Address 0xb700858 is 104 bytes inside a block of size 136 free'd
    ==32479==    at 0x4C2AD17: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==32479==    by 0x8BBE462: _talloc_free (in /usr/lib64/libtalloc.so.2.1.1)
    ==32479==    by 0x52971A4: sbus_request_finish (sssd_dbus_request.c:95)
    ==32479==    by 0x529731A: sbus_request_return_and_finish (sssd_dbus_request.c:119)
    ==32479==    by 0x131F264D: client_registration (proxy_init.c:443)
    ==32479==    by 0x529709E: sbus_request_invoke_or_finish (sssd_dbus_request.c:69)
    ==32479==    by 0x52949B3: sbus_handler_got_caller_id (sssd_dbus_connection.c:555)
    ==32479==    by 0x89B27E3: tevent_common_loop_immediate (tevent_immediate.c:135)
    ==32479==    by 0x89B70CD: epoll_event_loop_once (tevent_epoll.c:907)
    ==32479==    by 0x89B57D6: std_event_loop_once (tevent_standard.c:114)
    ==32479==    by 0x89B1FBC: _tevent_loop_once (tevent.c:530)
    ==32479==    by 0x89B215A: tevent_common_loop_wait (tevent.c:634)

sssd.conf

[domain/PROXY]
id_provider = proxy
auth_provider = proxy
debug_level = 0xFFF0
proxy_lib_name = ldap
proxy_pam_target = sssdproxyldap
min_id = 1000
max_id = 1010

It is reproducible with each authentication.

lslebodn commented 9 years ago

Fields changed

owner: somebody => lslebodn
patch: 0 => 1
status: new => assigned

jhrozek commented 9 years ago

master: 33889b2
sssd-1-12: 31dd2a8
sssd-1-11: 697d13a

milestone: NEEDS_TRIAGE => SSSD 1.11.8
resolution: => fixed
status: assigned => closed

jhrozek commented 9 years ago

Fields changed

rhbz: => 0

Metadata Update from @lslebodn:
- Issue assigned to lslebodn
- Issue set to the milestone: SSSD 1.11.8

7 years ago

pbrezina commented 3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3615

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata

Assignee

lslebodn

Tags

None

Blocking

None

Depending on

None

Priority

major

Milestone

SSSD 1.11.8

type

defect

component

SSSD

version

1.11.7

selected

None

testsupdated

patch

rhbz

design_review

review

changelog

None

keywords

None

coverity

None

mark

blocking

None

design

None

sensitive

None

blockedby

None

feature_milestone

None

SSSD / sssd

Source Code

Documentation

#2573 Use after free in proxy provider. Closed: Fixed None Opened 9 years ago by lslebodn.

Metadata

#2573 Use after free in proxy provider.

Closed: Fixed None Opened 9 years ago by lslebodn.