Learn more about these different git repos.
Other Git URLs
The consistency checks for the memory cache records might lead to a false corruption detection if there is a hash collision.
E.g. if there is a hash collision between an entry with a very short name and another entry with a very long name the check in sss_mc_find_record()
if (key->len > strs_len || (name_ptr + key->len) > (strs_offset + strs_len) || (uint8_t *)rec->data + strs_offset + strs_len > max_addr) {
might fail if the entry with the short name is the first one found and key->len of the long (fully-qualified) name is larger then all strings of the entry with the sort name (gecos and shell might be empty).
This will cause an unneeded sss_mmap_cache_reset().
The checks including key->len should be removed at this point or the string comparison should be done before the consistency check best witn strncmp() and a suitable choosen size.
https://github.com/SSSD/sssd/pull/455
Metadata Update from @sbose: - Custom field patch adjusted to on
Metadata Update from @jhrozek: - Issue set to the milestone: SSSD 1.16.1 - Issue tagged with: PR, bug
Metadata Update from @jhrozek: - Issue assigned to sbose
Metadata Update from @sbose: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1490120
Issue linked to Bugzilla: Bug 1490120
And maybe also https://bugzilla.redhat.com/show_bug.cgi?id=1326007. We can link BZ later after confirmation that fix works.
master:
Additional fix from patchset for regression test
Since the PRs were merged, I'm going to close this ticket. Feel free to push back if this ticket was in fact waiting for another fix, but according to the PR, we're just waiting for a confirmation about sssd-1-13 backport.
Metadata Update from @jhrozek: - Issue priority set to: critical
sssd-1-14:
sssd-1-13:
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/4595
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.