Project

General

Profile

Bug #8543

nss_ldap crashes handling a group with no gidnumber attribute

Added by Jonathan Matthew about 2 years ago. Updated about 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
lib - userland libraries
Start date:
2017-07-27
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:

Description

When fetching group memberships for a user, if the user is a member of a group that does not have a gidnumber attribute, getgrent.c:getbymember will dereference a NULL pointer because it doesn't check the return value from __ns_ldap_getAttr here: https://github.com/illumos/illumos-gate/blob/master/usr/src/lib/nsswitch/ldap/common/getgrent.c#L374

As far as I can tell, every other call to __ns_ldap_getAttr has an 'if (result NULL || result[0] NULL)' immediately afterwards.


Related issues

Has duplicate illumos gate - Bug #8533: ldap client causes smbd to crash / hangClosed2017-07-25

Actions

History

#1

Updated by Yuri Pankov about 2 years ago

  • Category set to lib - userland libraries
  • Status changed from New to In Progress
  • Assignee set to Yuri Pankov
  • % Done changed from 0 to 90
  • Tags deleted (needs-triage)

taking, we have a fix for this.

#2

Updated by Yuri Pankov about 2 years ago

  • Has duplicate Bug #8533: ldap client causes smbd to crash / hang added
#3

Updated by Electric Monk about 2 years ago

  • Status changed from In Progress to Closed
  • % Done changed from 90 to 100

git commit a3bcc60de108dc761615b2b9561d6dc76971f471

commit  a3bcc60de108dc761615b2b9561d6dc76971f471
Author: Matt Barden <matt.barden@nexenta.com>
Date:   2017-07-28T21:27:57.000Z

    8543 nss_ldap crashes handling a group with no gidnumber attribute
    Reviewed by: Evan Layton <evan.layton@nexenta.com>
    Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
    Approved by: Robert Mustacchi <rm@joyent.com>

Also available in: Atom PDF