Learn more about these different git repos.
Other Git URLs
We have a use-after-free situation in the dyndns code, found by Chris Hartman and reported on sssd-users:
==13038== 1 errors in context 9 of 14: ==13038== Invalid read of size 1 ==13038== at 0x807C747: resolv_get_string_ptr_address (async_resolv.c:1442) ==13038== by 0x8069777: be_nsupdate_create_ptr_msg (dp_dyndns.c:366) ==13038== by 0x54F824E: sdap_dyndns_update_ptr_step (sdap_dyndns.c:402) ==13038== by 0x54F8663: sdap_dyndns_update_done (sdap_dyndns.c:378) ==13038== by 0x4051D7A: _tevent_req_notify_callback (in /usr/lib/i386-linux-gnu/libtevent.so.0.9.19) ==13038== by 0x4051DB9: _tevent_req_done (in /usr/lib/i386-linux-gnu/libtevent.so.0.9.19) ==13038== by 0x8067CF3: be_nsupdate_done (dp_dyndns.c:1093) ==13038== by 0x4051D7A: _tevent_req_notify_callback (in /usr/lib/i386-linux-gnu/libtevent.so.0.9.19) ==13038== by 0x4051DB9: _tevent_req_done (in /usr/lib/i386-linux-gnu/libtevent.so.0.9.19) ==13038== by 0x8068347: nsupdate_child_handler (dp_dyndns.c:915) ==13038== by 0x4197163: child_invoke_callback (child_common.c:603) ==13038== by 0x4051577: tevent_common_loop_immediate (in /usr/lib/i386-linux-gnu/libtevent.so.0.9.19) ==13038== Address 0x6b086af is 55 bytes inside a block of size 176 free'd ==13038== at 0x402B3D8: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so) ==13038== by 0x40622B2: ??? (in /usr/lib/i386-linux-gnu/libtalloc.so.2.1.0) ==13038== by 0x406223E: ??? (in /usr/lib/i386-linux-gnu/libtalloc.so.2.1.0) ==13038== by 0x406223E: ??? (in /usr/lib/i386-linux-gnu/libtalloc.so.2.1.0) ==13038== by 0x405EA0E: _talloc_free (in /usr/lib/i386-linux-gnu/libtalloc.so.2.1.0) ==13038== by 0x54F7101: sdap_dyndns_dns_addrs_done (sdap_dyndns.c:207) ==13038== by 0x4051D7A: _tevent_req_notify_callback (in /usr/lib/i386-linux-gnu/libtevent.so.0.9.19) ==13038== by 0x4051DB9: _tevent_req_done (in /usr/lib/i386-linux-gnu/libtevent.so.0.9.19) ==13038== by 0x8067483: nsupdate_get_addrs_done (dp_dyndns.c:726) ==13038== by 0x4051D7A: _tevent_req_notify_callback (in /usr/lib/i386-linux-gnu/libtevent.so.0.9.19) ==13038== by 0x4051DB9: _tevent_req_done (in /usr/lib/i386-linux-gnu/libtevent.so.0.9.19) ==13038== by 0x807A079: resolv_gethostbyname_done (async_resolv.c:1367) ==13038== ==13038==
Adding link to mail with valgrind log file https://lists.fedorahosted.org/pipermail/sssd-users/2014-August/002065.html
Fields changed
owner: somebody => pbrezina status: new => assigned
owner: pbrezina => lslebodn status: assigned => new
patch: 0 => 1 status: new => assigned
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1132361
rhbz: => [https://bugzilla.redhat.com/show_bug.cgi?id=1132361 1132361]
milestone: NEEDS_TRIAGE => SSSD 1.11.7
resolution: => fixed status: assigned => closed
Metadata Update from @jhrozek: - Issue assigned to lslebodn - Issue set to the milestone: SSSD 1.11.7
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/3447
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.