#2573 Use after free in proxy provider.
Closed: Fixed None Opened 5 years ago by lslebodn.

Valgrind output:

    ==32479== Invalid read of size 8
    ==32479==    at 0x131F275F: client_registration (proxy_init.c:474)
    ==32479==    by 0x529709E: sbus_request_invoke_or_finish (sssd_dbus_request.c:69)
    ==32479==    by 0x52949B3: sbus_handler_got_caller_id (sssd_dbus_connection.c:555)
    ==32479==    by 0x89B27E3: tevent_common_loop_immediate (tevent_immediate.c:135)
    ==32479==    by 0x89B70CD: epoll_event_loop_once (tevent_epoll.c:907)
    ==32479==    by 0x89B57D6: std_event_loop_once (tevent_standard.c:114)
    ==32479==    by 0x89B1FBC: _tevent_loop_once (tevent.c:530)
    ==32479==    by 0x89B215A: tevent_common_loop_wait (tevent.c:634)
    ==32479==    by 0x89B5776: std_event_loop_wait (tevent_standard.c:140)
    ==32479==    by 0x529E255: server_loop (server.c:668)
    ==32479==    by 0x40DBC5: main (data_provider_be.c:2915)
    ==32479==  Address 0xb700858 is 104 bytes inside a block of size 136 free'd
    ==32479==    at 0x4C2AD17: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==32479==    by 0x8BBE462: _talloc_free (in /usr/lib64/libtalloc.so.2.1.1)
    ==32479==    by 0x52971A4: sbus_request_finish (sssd_dbus_request.c:95)
    ==32479==    by 0x529731A: sbus_request_return_and_finish (sssd_dbus_request.c:119)
    ==32479==    by 0x131F264D: client_registration (proxy_init.c:443)
    ==32479==    by 0x529709E: sbus_request_invoke_or_finish (sssd_dbus_request.c:69)
    ==32479==    by 0x52949B3: sbus_handler_got_caller_id (sssd_dbus_connection.c:555)
    ==32479==    by 0x89B27E3: tevent_common_loop_immediate (tevent_immediate.c:135)
    ==32479==    by 0x89B70CD: epoll_event_loop_once (tevent_epoll.c:907)
    ==32479==    by 0x89B57D6: std_event_loop_once (tevent_standard.c:114)
    ==32479==    by 0x89B1FBC: _tevent_loop_once (tevent.c:530)
    ==32479==    by 0x89B215A: tevent_common_loop_wait (tevent.c:634)

sssd.conf

[domain/PROXY]
id_provider = proxy
auth_provider = proxy
debug_level = 0xFFF0
proxy_lib_name = ldap
proxy_pam_target = sssdproxyldap
min_id = 1000
max_id = 1010

It is reproducible with each authentication.


Fields changed

owner: somebody => lslebodn
patch: 0 => 1
status: new => assigned

milestone: NEEDS_TRIAGE => SSSD 1.11.8
resolution: => fixed
status: assigned => closed

Fields changed

rhbz: => 0

Metadata Update from @lslebodn:
- Issue assigned to lslebodn
- Issue set to the milestone: SSSD 1.11.8

3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3615

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata