URL: https://github.com/SSSD/sssd/pull/89
Title: #89: nss: rewrite nss responder so it uses cache_req

lslebodn commented:
"""
Looks like there is a use-after-free in the latest version. Sorry, I do not have a reproducer yet; just valgrind output
```
==6612== 18 errors in context 1 of 1:
==6612== Invalid read of size 8
==6612==    at 0x408748: nss_setent_internal_done (nss_enum.c:173)
==6612==    by 0x419A19: cache_req_done (cache_req.c:690)
==6612==    by 0x41A6B5: cache_req_search_done (cache_req_search.c:409)
==6612==    by 0x415C8D: sss_dp_internal_get_done (responder_dp.c:813)
==6612==    by 0x32C320E619: complete_pending_call_and_unlock (dbus-connection.c:2234)
==6612==    by 0x32C321086E: dbus_connection_dispatch (dbus-connection.c:4397)
==6612==    by 0x5068D7C: sbus_dispatch (sssd_dbus_connection.c:96)
==6612==    by 0x32C4E08CC0: tevent_common_loop_timer_delay (tevent_timed.c:341)
==6612==    by 0x32C4E09D01: epoll_event_loop_once (tevent_epoll.c:911)
==6612==    by 0x32C4E08335: std_event_loop_once (tevent_standard.c:114)
==6612==    by 0x32C4E03C3C: _tevent_loop_once (tevent.c:533)
==6612==    by 0x32C4E03CBA: tevent_common_loop_wait (tevent.c:637)
==6612==  Address 0xedcb820 is 544 bytes inside a block of size 805 free'd
==6612==    at 0x4A06430: free (vg_replace_malloc.c:446)
==6612==    by 0x32C0E07886: _talloc_free_internal (talloc.c:1116)
==6612==    by 0x4077A7: nss_setnetgrent_done (nss_cmd.c:566)
==6612==    by 0x408747: nss_setent_internal_done (nss_enum.c:172)
==6612==    by 0x419A19: cache_req_done (cache_req.c:690)
==6612==    by 0x41A6B5: cache_req_search_done (cache_req_search.c:409)
==6612==    by 0x415C8D: sss_dp_internal_get_done (responder_dp.c:813)
==6612==    by 0x32C320E619: complete_pending_call_and_unlock (dbus-connection.c:2234)
==6612==    by 0x32C321086E: dbus_connection_dispatch (dbus-connection.c:4397)
==6612==    by 0x5068D7C: sbus_dispatch (sssd_dbus_connection.c:96)
==6612==    by 0x32C4E08CC0: tevent_common_loop_timer_delay (tevent_timed.c:341)
==6612==    by 0x32C4E09D01: epoll_event_loop_once (tevent_epoll.c:911)
```
"""

See the full comment at https://github.com/SSSD/sssd/pull/89#issuecomment-265686249