On (02/08/16 18:40), Lukas Slebodnik wrote:
>On (02/08/16 15:54), Lukas Slebodnik wrote:
>>ehlo,
>>
>>attached two patches fix a crash in nss responder,
>>which was caused by recent Sumit's patches.
>>
>>The 1st patch cannot be applied to master because
>>I plan do do some changes in ldap integration tests in different thread.
>>But the patch with test is attached. So there will not be a such regressions
>>in future
>>
>Fabiano asked me to add valgring message from crash to the commit message.
>And I found another small valgrind issue in back-end
>
>Updated patch is attached.
>
There was a wrong author in the 2nd patch.
LS
>From fecf701a01cb96cf000f2a00d1435ee8e11848b4 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lsleb...@redhat.com>
Date: Tue, 2 Aug 2016 15:20:35 +0200
Subject: [PATCH 1/3] SDAP: sanitize member name before using in filter
It caused an errors.
(Tue Aug 2 06:29:39 2016) [sssd[be[LDAP]]] [sysdb_cache_search_users]
(0x2000): Search users with filter:
(&(objectclass=user)(nameAlias=t(u)ser@ldap))
(Tue Aug 2 06:29:39 2016) [sssd[be[LDAP]]] [sysdb_cache_search_users]
(0x0080): Error: 5 (Input/output error)
---
src/providers/ldap/sdap_async_groups.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/src/providers/ldap/sdap_async_groups.c
b/src/providers/ldap/sdap_async_groups.c
index
102c1c0384be6da8732d56b7a318ded5a5132360..f19b68b8c403734f88b51a411ba0d009977d3491
100644
--- a/src/providers/ldap/sdap_async_groups.c
+++ b/src/providers/ldap/sdap_async_groups.c
@@ -1501,6 +1501,7 @@ sdap_process_missing_member_2307(struct
sdap_process_group_state *state,
const char *filter;
const char *username;
const char *user_dn;
+ char *sanitized_name;
size_t count;
struct ldb_message **msgs = NULL;
static const char *attrs[] = { SYSDB_NAME, NULL };
@@ -1508,8 +1509,16 @@ sdap_process_missing_member_2307(struct
sdap_process_group_state *state,
tmp_ctx = talloc_new(NULL);
if (!tmp_ctx) return ENOMEM;
+ ret = sss_filter_sanitize(tmp_ctx, member_name, &sanitized_name);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to sanitize the given name:'%s'.\n", member_name);
+ goto done;
+ }
+
/* Check for the alias in the sysdb */
- filter = talloc_asprintf(tmp_ctx, "(%s=%s)", SYSDB_NAME_ALIAS,
member_name);
+ filter = talloc_asprintf(tmp_ctx, "(%s=%s)", SYSDB_NAME_ALIAS,
+ sanitized_name);
if (!filter) {
ret = ENOMEM;
goto done;
--
2.9.2
>From e1118badd8870f0afcdb2b6f59c0a5363ce5a8f1 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lsleb...@redhat.com>
Date: Thu, 4 Aug 2016 08:50:50 +0200
Subject: [PATCH 2/3] SDAP: sysdb_search_users does not set users_count for
failures
==32577== Conditional jump or move depends on uninitialised value(s)
==32577== at 0x140DCE10: sdap_process_missing_member_2307
(sdap_async_groups.c:1556)
==32577== by 0x140DCE10: sdap_process_group_members_2307
(sdap_async_groups.c:1625)
==32577== by 0x140DCE10: sdap_process_group_send (sdap_async_groups.c:1298)
==32577== by 0x140DCE10: sdap_get_groups_process (sdap_async_groups.c:2130)
==32577== by 0x140CFDA8: generic_ext_search_handler.isra.3
(sdap_async.c:1688)
==32577== by 0x140D2416: sdap_get_generic_op_finished (sdap_async.c:1578)
==32577== by 0x140D0DFC: sdap_process_message (sdap_async.c:353)
==32577== by 0x140D0DFC: sdap_process_result (sdap_async.c:197)
==32577== by 0x8BF1B4E: tevent_common_loop_timer_delay (tevent_timed.c:341)
==32577== by 0x8BF2B59: epoll_event_loop_once (tevent_epoll.c:911)
==32577== by 0x8BF1256: std_event_loop_once (tevent_standard.c:114)
==32577== by 0x8BED40C: _tevent_loop_once (tevent.c:533)
==32577== by 0x8BED5AA: tevent_common_loop_wait (tevent.c:637)
==32577== by 0x8BF11F6: std_event_loop_wait (tevent_standard.c:140)
==32577== by 0x529DD02: server_loop (server.c:702)
==32577== by 0x110951: main (data_provider_be.c:587)
---
src/providers/ldap/sdap_async_groups.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/providers/ldap/sdap_async_groups.c
b/src/providers/ldap/sdap_async_groups.c
index
f19b68b8c403734f88b51a411ba0d009977d3491..72760b75acae4cb6ce15c72f16dae8e859d89847
100644
--- a/src/providers/ldap/sdap_async_groups.c
+++ b/src/providers/ldap/sdap_async_groups.c
@@ -1553,7 +1553,7 @@ sdap_process_missing_member_2307(struct
sdap_process_group_state *state,
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, "Could not add group member %s\n",
username);
}
- } else if (ret == ENOENT || count == 0) {
+ } else if (ret == ENOENT) {
/* The entry really does not exist, add a ghost */
DEBUG(SSSDBG_TRACE_FUNC, "Adding a ghost entry\n");
ret = sdap_add_group_member_2307(state->ghost_dns, member_name);
--
2.9.2
>From 8fddfeaf084546faea207539831076cf3addc96c Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lsleb...@redhat.com>
Date: Tue, 2 Aug 2016 15:20:19 +0200
Subject: [PATCH 3/3] SYSDB: Sanitize dn in sysdb_get_user_members_recursively
There was a crash in nss responder when a group contained
a user with special charactes which shoudl be sanitized before
using in filter.
==31651== Conditional jump or move depends on uninitialised value(s)
==31651== at 0x8BEA7DE: _talloc_steal_loc (talloc.c:1215)
==31651== by 0x5264889: sysdb_get_user_members_recursively (sysdb_ops.c:4759)
==31651== by 0x5278F61: sysdb_add_group_member_overrides (sysdb_views.c:1375)
==31651== by 0x526677C: sysdb_getgrnam_with_views (sysdb_search.c:799)
==31651== by 0x1172F6: nss_cmd_getgrnam_search (nsssrv_cmd.c:3168)
==31651== by 0x119C67: nss_cmd_getby_dp_callback (nsssrv_cmd.c:1382)
==31651== by 0x10FD14: nsssrv_dp_send_acct_req_done (nsssrv_cmd.c:916)
==31651== by 0x12898B: sss_dp_internal_get_done (responder_dp.c:791)
==31651== by 0x58FF861: complete_pending_call_and_unlock
(dbus-connection.c:2314)
==31651== by 0x5902B50: dbus_connection_dispatch (dbus-connection.c:4580)
==31651== by 0x527F261: sbus_dispatch (sssd_dbus_connection.c:96)
==31651== by 0x89D8B4E: tevent_common_loop_timer_delay (tevent_timed.c:341)
---
src/db/sysdb_ops.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index
ed177d1730723a61e01167a75a0baca6d81252f8..342e16fb20e2c418745b137162425509ca1fd0cb
100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -4722,6 +4722,7 @@ errno_t sysdb_get_user_members_recursively(TALLOC_CTX
*mem_ctx,
struct ldb_result *res;
struct ldb_dn *base_dn;
char *filter;
+ char *sanitized_name;
const char *attrs[] = SYSDB_PW_ATTRS;
struct ldb_message **msgs;
@@ -4737,8 +4738,17 @@ errno_t sysdb_get_user_members_recursively(TALLOC_CTX
*mem_ctx,
goto done;
}
+ ret = sss_filter_sanitize(tmp_ctx, ldb_dn_get_linearized(group_dn),
+ &sanitized_name);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Failed to sanitize the given name:'%s'.\n",
+ ldb_dn_get_linearized(group_dn));
+ goto done;
+ }
+
filter = talloc_asprintf(tmp_ctx, "(&("SYSDB_UC")("SYSDB_MEMBEROF"=%s))",
- ldb_dn_get_linearized(group_dn));
+ sanitized_name);
if (filter == NULL) {
DEBUG(SSSDBG_OP_FAILURE, "talloc_asprintf failed.\n");
ret = ENOMEM;
--
2.9.2
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
