#2573 Use after free in proxy provider.
Closed: Fixed None Opened 4 years ago by lslebodn.

Valgrind output:

    ==32479== Invalid read of size 8
    ==32479==    at 0x131F275F: client_registration (proxy_init.c:474)
    ==32479==    by 0x529709E: sbus_request_invoke_or_finish (sssd_dbus_request.c:69)
    ==32479==    by 0x52949B3: sbus_handler_got_caller_id (sssd_dbus_connection.c:555)
    ==32479==    by 0x89B27E3: tevent_common_loop_immediate (tevent_immediate.c:135)
    ==32479==    by 0x89B70CD: epoll_event_loop_once (tevent_epoll.c:907)
    ==32479==    by 0x89B57D6: std_event_loop_once (tevent_standard.c:114)
    ==32479==    by 0x89B1FBC: _tevent_loop_once (tevent.c:530)
    ==32479==    by 0x89B215A: tevent_common_loop_wait (tevent.c:634)
    ==32479==    by 0x89B5776: std_event_loop_wait (tevent_standard.c:140)
    ==32479==    by 0x529E255: server_loop (server.c:668)
    ==32479==    by 0x40DBC5: main (data_provider_be.c:2915)
    ==32479==  Address 0xb700858 is 104 bytes inside a block of size 136 free'd
    ==32479==    at 0x4C2AD17: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==32479==    by 0x8BBE462: _talloc_free (in /usr/lib64/libtalloc.so.2.1.1)
    ==32479==    by 0x52971A4: sbus_request_finish (sssd_dbus_request.c:95)
    ==32479==    by 0x529731A: sbus_request_return_and_finish (sssd_dbus_request.c:119)
    ==32479==    by 0x131F264D: client_registration (proxy_init.c:443)
    ==32479==    by 0x529709E: sbus_request_invoke_or_finish (sssd_dbus_request.c:69)
    ==32479==    by 0x52949B3: sbus_handler_got_caller_id (sssd_dbus_connection.c:555)
    ==32479==    by 0x89B27E3: tevent_common_loop_immediate (tevent_immediate.c:135)
    ==32479==    by 0x89B70CD: epoll_event_loop_once (tevent_epoll.c:907)
    ==32479==    by 0x89B57D6: std_event_loop_once (tevent_standard.c:114)
    ==32479==    by 0x89B1FBC: _tevent_loop_once (tevent.c:530)
    ==32479==    by 0x89B215A: tevent_common_loop_wait (tevent.c:634)

sssd.conf

[domain/PROXY]
id_provider = proxy
auth_provider = proxy
debug_level = 0xFFF0
proxy_lib_name = ldap
proxy_pam_target = sssdproxyldap
min_id = 1000
max_id = 1010

It is reproducible with each authentication.


Fields changed

owner: somebody => lslebodn
patch: 0 => 1
status: new => assigned

milestone: NEEDS_TRIAGE => SSSD 1.11.8
resolution: => fixed
status: assigned => closed

Fields changed

rhbz: => 0

Metadata Update from @lslebodn:
- Issue assigned to lslebodn
- Issue set to the milestone: SSSD 1.11.8

2 years ago

Login to comment on this ticket.

Metadata