forwarded 522907 https://bugzilla.samba.org/show_bug.cgi?id=6279 tags 522907 lenny patch thanks
Quoting Francis Brosnan Blazquez (fran...@aspl.es): > Taking the backtrace and the data I've provided it's more than clear it > does fix the bug. > > Anyway, just to confirm the bug keeps on breaking winbind instances with > latest winbind (samba) version: 3.2.5-4lenny2. > > Digging more into the problem, it is clear that the winbind/libads check > done at line (samba-3.2.5/source/libads/ldap.c:777) is wrong because > ldap_search_ext_s (the function used by libads's > ldap_search_with_timeout) may return zero in cases where a timeout is > found. > > Please check openldap_2.4.11.orig/libraries/libldap/search.c:144 to see > how it is implemented (openldap) ldap_search_ext_s. > > As a consequence, libads code is not properly checking the result > returned by ldap_search_with_timeout, and it must also check for NULL > reference as the patch suggest (not only the rc value). > > I've checked official source code from samba 3.3.3 and 3.2.11 and the > error is still there. I've placed a bug report at: > > https://bugzilla.samba.org/show_bug.cgi?id=6279 Thanks for all that work...that makes our work much easier..:-) Recording this as fixed in lenny. Reading the upstream bug, I can't really confirm that Jeremy's patch is working more than you did. So, if Jeremy's patch is fixing the problem, then we should apply it. From the bug's description, I think it's worth fixing.
diff --git a/source/libads/ldap.c b/source/libads/ldap.c
index 9eae2d4..8c37bfb 100644
--- a/source/libads/ldap.c
+++ b/source/libads/ldap.c
@@ -118,6 +118,10 @@ static int ldap_search_with_timeout(LDAP *ld,
if (gotalarm != 0)
return LDAP_TIMELIMIT_EXCEEDED;
+ if (*res == NULL) {
+ return LDAP_TIMELIMIT_EXCEEDED;
+ }
+
return result;
}
signature.asc
Description: Digital signature
