#2974 Crash in sdap_combine_filters_ex
Closed: wontfix 4 years ago by pbrezina. Opened 8 years ago by lslebodn.

I do not know how to reproduce

#0  0x00007f62e65347e5 in sdap_combine_filters_ex (mem_ctx=0x1bf27c0, operator=38 '&', base_filter=0x7f62e6bfcba3 "objectclass=ipaNTDomainAttrs", extra_filter=
    0xf0 <Address 0xf0 out of bounds>) at src/providers/ldap/sdap_utils.c:160
No locals.
#1  0x00007f62e6bca060 in ipa_subdomains_handler_get (ctx=0x1bf27c0, type=<value optimized out>) at src/providers/ipa/ipa_subdomains.c:729
        req = <value optimized out>
        base = 0x1bc90b0
        params = <value optimized out>
        __FUNCTION__ = "ipa_subdomains_handler_get"
#2  0x00007f62e6bcbdb4 in ipa_get_view_name_done (req=0x0) at src/providers/ipa/ipa_subdomains.c:843
        ret = 5
        sret = <value optimized out>
        ctx = 0x1bf27c0
        reply_count = <value optimized out>
        reply = 0x0
        view_name = <value optimized out>
        dp_error = 3
        __FUNCTION__ = "ipa_get_view_name_done"
#3  0x0000003c52e04bde in tevent_req_finish (req=<value optimized out>, error=<value optimized out>, location=<value optimized out>) at ../tevent_req.c:110
No locals.
#4  _tevent_req_error (req=<value optimized out>, error=<value optimized out>, location=<value optimized out>) at ../tevent_req.c:128
No locals.
#5  0x00007f62e650845b in sdap_deref_search_done (subreq=0x0) at src/providers/ldap/sdap_async.c:2938
        req = 0x172ac640
        state = 0x17203ed0
        ret = <value optimized out>
        __FUNCTION__ = "sdap_deref_search_done"
#6  0x0000003c52e04bde in tevent_req_finish (req=<value optimized out>, error=<value optimized out>, location=<value optimized out>) at ../tevent_req.c:110
No locals.
#7  _tevent_req_error (req=<value optimized out>, error=<value optimized out>, location=<value optimized out>) at ../tevent_req.c:128
No locals.
#8  0x00007f62e6507c21 in generic_ext_search_handler (subreq=0x0, opts=<value optimized out>) at src/providers/ldap/sdap_async.c:1651
        req = 0x172b5710
        ret = 5
        ref_count = <value optimized out>
        i = <value optimized out>
        refs = <value optimized out>
        __FUNCTION__ = "generic_ext_search_handler"
#9  0x0000003c52e04bde in tevent_req_finish (req=<value optimized out>, error=<value optimized out>, location=<value optimized out>) at ../tevent_req.c:110
No locals.
#10 _tevent_req_error (req=<value optimized out>, error=<value optimized out>, location=<value optimized out>) at ../tevent_req.c:128
No locals.
#11 0x00007f62e650bdd2 in sdap_get_generic_op_finished (op=<value optimized out>, reply=0x0, error=5, pvt=<value optimized out>) at src/providers/ldap/sdap_async.c:1454
        req = 0x172b5930
        state = 0x172b5ab0
        errmsg = 0x0
        refs = 0x0
        result = <value optimized out>
        ret = <value optimized out>
        lret = <value optimized out>
        total_count = <value optimized out>
        cookie = {bv_len = 29250112, bv_val = 0x0}
        returned_controls = 0x0
        page_control = <value optimized out>
        __FUNCTION__ = "sdap_get_generic_op_finished"
#12 0x00007f62e650ccf9 in sdap_handle_release (mem=<value optimized out>) at src/providers/ldap/sdap_async.c:102
        op = 0x172b6c20
#13 sdap_handle_destructor (mem=<value optimized out>) at src/providers/ldap/sdap_async.c:78
        sh = 0x1be5180
#14 0x0000003c522025a4 in _talloc_free_internal (ptr=0x1be5180, location=0x3c522082cb "../talloc.c:2261") at ../talloc.c:826
        d = 0x7f62e650cc90 <sdap_handle_destructor>
        tc = 0x1be5130
#15 0x0000003c52202323 in _talloc_free_children_internal (ptr=0x1be4eb0, location=0x3c522082cb "../talloc.c:2261") at ../talloc.c:1255
        child = 0x1be5180
        new_parent = 0x0
#16 _talloc_free_internal (ptr=0x1be4eb0, location=0x3c522082cb "../talloc.c:2261") at ../talloc.c:846
        tc = 0x1be4e60
#17 0x0000003c52202323 in _talloc_free_children_internal (ptr=0x1bc5970, location=0x3c522082cb "../talloc.c:2261") at ../talloc.c:1255
        child = 0x1be4eb0
        new_parent = 0x0
#18 _talloc_free_internal (ptr=0x1bc5970, location=0x3c522082cb "../talloc.c:2261") at ../talloc.c:846
        tc = 0x1bc5920
#19 0x0000003c52202323 in _talloc_free_children_internal (ptr=0x1bc7c20, location=0x3c522082cb "../talloc.c:2261") at ../talloc.c:1255
        child = 0x1bc5970
        new_parent = 0x0
#20 _talloc_free_internal (ptr=0x1bc7c20, location=0x3c522082cb "../talloc.c:2261") at ../talloc.c:846
        tc = 0x1bc7bd0
#21 0x0000003c52202323 in _talloc_free_children_internal (ptr=0x1bc7ba0, location=0x3c522082cb "../talloc.c:2261") at ../talloc.c:1255
        child = 0x1bc7c20
        new_parent = 0x0
#22 _talloc_free_internal (ptr=0x1bc7ba0, location=0x3c522082cb "../talloc.c:2261") at ../talloc.c:846
        tc = 0x1bc7b50
#23 0x0000003c52202323 in _talloc_free_children_internal (ptr=0x1bc51b0, location=0x3c522082cb "../talloc.c:2261") at ../talloc.c:1255
        child = 0x1bc7ba0
        new_parent = 0x0
#24 _talloc_free_internal (ptr=0x1bc51b0, location=0x3c522082cb "../talloc.c:2261") at ../talloc.c:846
        tc = 0x1bc5160
#25 0x0000003c52202323 in _talloc_free_children_internal (ptr=0x1ba35d0, location=0x3c522082cb "../talloc.c:2261") at ../talloc.c:1255
        child = 0x1bc51b0
        new_parent = 0x0
#26 _talloc_free_internal (ptr=0x1ba35d0, location=0x3c522082cb "../talloc.c:2261") at ../talloc.c:846
        tc = 0x1ba3580
#27 0x0000003c52202323 in _talloc_free_children_internal (ptr=0x1b9c900, location=0x3c522082cb "../talloc.c:2261") at ../talloc.c:1255
        child = 0x1ba35d0
        new_parent = 0x0
#28 _talloc_free_internal (ptr=0x1b9c900, location=0x3c522082cb "../talloc.c:2261") at ../talloc.c:846
        tc = 0x1b9c8b0
#29 0x0000003c52202323 in _talloc_free_children_internal (ptr=0x1b9b590, location=0x3c522082cb "../talloc.c:2261") at ../talloc.c:1255
        child = 0x1b9c900
        new_parent = 0x0
#30 _talloc_free_internal (ptr=0x1b9b590, location=0x3c522082cb "../talloc.c:2261") at ../talloc.c:846
        tc = 0x1b9b540
#31 0x0000003c52202323 in _talloc_free_children_internal (ptr=0x1b9b2b0, location=0x3c522082cb "../talloc.c:2261") at ../talloc.c:1255
        child = 0x1b9b590
        new_parent = 0x0
#32 _talloc_free_internal (ptr=0x1b9b2b0, location=0x3c522082cb "../talloc.c:2261") at ../talloc.c:846
        tc = 0x1b9b260
#33 0x0000003c4a635ae2 in __run_exit_handlers (status=0) at exit.c:78
        atfct = <value optimized out>
        onfct = <value optimized out>
        cxafct = <value optimized out>
        f = <value optimized out>
#34 exit (status=0) at exit.c:100
No locals.
#35 0x0000003c51242365 in orderly_shutdown (status=0) at src/util/server.c:257
        sent_sigterm = 0
        __FUNCTION__ = "orderly_shutdown"
#36 0x0000003c52e0675e in tevent_common_check_signal (ev=0x1b9b590) at ../tevent_signal.c:418
        ofs = 0
        j = <value optimized out>
        se = 0x1bd16e0
        exists = 0x0
        count = 1
        sl = <value optimized out>
        next = 0x1b9c720
        counter = {count = <value optimized out>, seen = 0}
        clear_processed_siginfo = <value optimized out>
        i = <value optimized out>
#37 0x0000003c52e08f9b in epoll_event_loop (ev=<value optimized out>, location=<value optimized out>) at ../tevent_epoll.c:655
        ret = -1
        i = <value optimized out>
        timeout = <value optimized out>
        wait_errno = 4
        events = {{events = 1, data = {ptr = 0x1bee250, fd = 29286992, u32 = 29286992, u64 = 29286992}}}
#38 epoll_event_loop_once (ev=<value optimized out>, location=<value optimized out>) at ../tevent_epoll.c:931
        epoll_ev = 0x1b9b7a0
        tval = {tv_sec = 5, tv_usec = 999977}
        panic_triggered = false
#39 0x0000003c52e072e6 in std_event_loop_once (ev=0x1b9b590, location=0x3c5125ce60 "src/util/server.c:673") at ../tevent_standard.c:112
        glue_ptr = <value optimized out>
        glue = 0x1b9b670
        ret = <value optimized out>
#40 0x0000003c52e0349d in _tevent_loop_once (ev=0x1b9b590, location=0x3c5125ce60 "src/util/server.c:673") at ../tevent.c:530
        ret = <value optimized out>
        nesting_stack_ptr = 0x0
#41 0x0000003c52e0351b in tevent_common_loop_wait (ev=0x1b9b590, location=0x3c5125ce60 "src/util/server.c:673") at ../tevent.c:634
        ret = <value optimized out>
#42 0x0000003c52e07256 in std_event_loop_wait (ev=0x1b9b590, location=0x3c5125ce60 "src/util/server.c:673") at ../tevent_standard.c:138
        glue_ptr = <value optimized out>
        glue = 0x1b9b670
        ret = <value optimized out>
#43 0x0000003c51242283 in server_loop (main_ctx=0x1b9c900) at src/util/server.c:673
No locals.
#44 0x000000000040a4b6 in main (argc=8, argv=<value optimized out>) at src/providers/data_provider_be.c:2829

Moving to Deferred until we have a reproducer as agreed on Mar-17 triage.

milestone: NEEDS_TRIAGE => SSSD Deferred

Fields changed

rhbz: => todo

Metadata Update from @lslebodn:
- Issue set to the milestone: SSSD Patches welcome

7 years ago

Address out of bounds: the value of the pointer is outside the valid memory area allocated to the process.
extra_filter= 0xf0 <Address 0xf0 out of bounds>

Somewhere a caller of sdap_combine_filters_ex() is passing a corrupted 4th argument, const char *extra_filter: overwritten, or freed and not set to NULL.

Moreover, the bug was raised 1 year ago. I am not able to find the ipa_subdomains_handler_get() API in sssd-15.0, nor in 1.14.90, and I do not have a reproducer either.
Maybe close this, since the stack trace has missing functions.
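The backtrace above shows the shape of the failure: orderly_shutdown() calls exit(), the exit handlers free the talloc hierarchy, sdap_handle_destructor() completes a still-pending LDAP operation with error=5, and that completion chain ends in ipa_subdomains_handler_get() calling sdap_combine_filters_ex() with extra_filter=0xf0. The example below is added here and is not SSSD's code; combine_filters(), search_state, search_done() and FREE_AND_NULL are hypothetical stand-ins, and the filter strings are constructed. It shows the two defensive measures the comment points at: a combine routine that tolerates a NULL extra filter instead of reading through a stale pointer, and a release path that clears pointer fields so a callback firing after teardown sees NULL rather than garbage.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Free a heap pointer and clear the variable holding it, so a stale value
 * can never be handed on later as if it were still valid. */
#define FREE_AND_NULL(p) do { free(p); (p) = NULL; } while (0)

/* Portable strdup replacement (strdup is POSIX, not ISO C). */
static char *dup_str(const char *s)
{
    size_t n = strlen(s) + 1;
    char *out = malloc(n);
    if (out != NULL) memcpy(out, s, n);
    return out;
}

/* Hypothetical stand-in for sdap_combine_filters_ex(): joins base and extra
 * into "(op(base)(extra))". A NULL or empty extra_filter yields "(base)"
 * rather than a read through a garbage pointer. Caller frees the result. */
char *combine_filters(char op, const char *base_filter, const char *extra_filter)
{
    if (base_filter == NULL || base_filter[0] == '\0') return NULL;

    if (extra_filter == NULL || extra_filter[0] == '\0') {
        size_t n = strlen(base_filter) + 3;          /* "(" base ")" NUL */
        char *out = malloc(n);
        if (out != NULL) snprintf(out, n, "(%s)", base_filter);
        return out;
    }

    /* "(" op "(" base ")" "(" extra ")" ")" NUL = 8 extra bytes */
    size_t n = strlen(base_filter) + strlen(extra_filter) + 8;
    char *out = malloc(n);
    if (out != NULL) snprintf(out, n, "(%c(%s)(%s))", op, base_filter, extra_filter);
    return out;
}

/* Request state shared between an in-flight search and its completion
 * callback; extra_filter is NULL whenever it is not (or no longer) owned. */
struct search_state {
    char *extra_filter;
    char *result;
};

/* Completion callback (hypothetical). An error, like the error=5 in the
 * backtrace, is propagated without touching any filter; on success the
 * combine step tolerates a released extra_filter instead of dereferencing it. */
int search_done(struct search_state *st, int error)
{
    if (error != 0) return error;
    FREE_AND_NULL(st->result);
    st->result = combine_filters('&', "objectclass=ipaNTDomainAttrs", st->extra_filter);
    return st->result == NULL ? -1 : 0;
}

/* Release owned strings and clear the fields in one place. */
void search_state_release(struct search_state *st)
{
    FREE_AND_NULL(st->extra_filter);
    FREE_AND_NULL(st->result);
}

/* The backtrace's ordering in miniature: the state is released first
 * (teardown), then a late completion callback fires. With the field
 * cleared, the callback degrades to the base filter instead of reading
 * freed memory. Returns 1 if the degraded result is what we expect. */
int teardown_scenario(void)
{
    struct search_state st = { dup_str("cn=ad.example.test"), NULL }; /* constructed */
    int ok = 0;

    search_state_release(&st);                     /* handle torn down first */
    if (search_done(&st, 0) == 0 && st.result != NULL)
        ok = strcmp(st.result, "(objectclass=ipaNTDomainAttrs)") == 0;

    search_state_release(&st);
    return ok;
}

/* Compares combine_filters() output against an expected string; 1 on match. */
int check_combine(char op, const char *base, const char *extra, const char *expected)
{
    char *f = combine_filters(op, base, extra);
    int ok = (f != NULL && strcmp(f, expected) == 0);
    free(f);
    return ok;
}

int main(void)
{
    char *f = combine_filters('&', "objectclass=ipaNTDomainAttrs", "cn=ad.example.test");
    printf("combined: %s\n", f ? f : "(null)");
    free(f);
    printf("teardown scenario handled: %s\n", teardown_scenario() ? "yes" : "no");
    return 0;
}
```

The NULL check in combine_filters() only helps if every owner clears the field when it frees the string; a pointer that is freed but left dangling looks exactly like a live one, which is what the 0xf0 argument in the backtrace suggests happened. The more robust fix for the teardown path is to cancel or detach pending operations before their parent memory is freed, so no completion callback runs at all during exit().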

Thank you for taking time to submit this request for SSSD. Unfortunately this issue was not given priority and the team lacks the capacity to work on it at this time.

Given that we are unable to fulfill this request I am closing the issue as wontfix.

If the issue still persists on recent SSSD you can request re-consideration of this decision by reopening this issue. Please provide additional technical details about its importance to you.

Thank you for understanding.

Metadata Update from @pbrezina:
- Issue close_status updated to: wontfix
- Issue status updated to: Closed (was: Open)

4 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/4015

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for any inconvenience.
