A RHEL customer was hitting this issue. To reproduce, just enable the matching rule and request an empty group.
>From 143f2b5a87208508d2c5acb4dd7866c3ea52857c Mon Sep 17 00:00:00 2001 From: Jakub Hrozek <jhro...@redhat.com> Date: Mon, 18 Nov 2013 16:38:34 +0100 Subject: [PATCH] LDAP: Initialize user count for AD matching rule
https://fedorahosted.org/sssd/ticket/2157 If AD matching rule was selected, but the group was empty, the SSSD accessed random data. Initializing count to zero prevents that. --- src/providers/ldap/sdap_async_groups.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c index ff4f1bbc1601b494d966c09b4d7af93cd8721d5b..53bae77493154898fa2b5607af416f30d1a2d64c 100644 --- a/src/providers/ldap/sdap_async_groups.c +++ b/src/providers/ldap/sdap_async_groups.c @@ -1828,7 +1828,7 @@ static void sdap_ad_match_rule_members_process(struct tevent_req *subreq) struct sysdb_attrs *group = state->groups[0]; struct ldb_message_element *member_el; struct ldb_message_element *orig_dn_el; - size_t count; + size_t count = 0; size_t i; hash_table_t *ghosts; -- 1.8.3.1
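Review bot: In sdap_ad_match_rule_members_process(), `size_t count = 0;` fixes the symptom at the declaration, but the hunk does not show which call is expected to fill `count`, or why that call leaves it untouched when the group has no members. It would help to name that call in the commit message. Consider also making it write its output count on every return path, so other callers do not depend on pre-initializing. The neighbouring declarations `member_el`, `orig_dn_el` and `ghosts` are still uninitialized in the visible context; please confirm each is assigned before use on the empty-group path, since that is the case the commit message says read random data. A short comment beside the initializer noting that an empty result may not set the count would keep a later cleanup from dropping it.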
_______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-devel