diff options
author | Ralph Boehme <slow@samba.org> | 2023-01-05 16:25:11 +0100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2023-01-06 15:04:46 +0000 |
commit | 7545e2c77b69fc57e436e3ed298fdb68033ce49f (patch) | |
tree | fe9043ae06da7be28f0673b3fd3c0cc76067cc80 /nsswitch | |
parent | 0d096931196524a2d1bf59470bc629dc9231131e (diff) | |
download | samba-7545e2c77b69fc57e436e3ed298fdb68033ce49f.tar.gz |
nsswitch: avoid calling pthread_getspecific() on an uninitialized key
Found by ASAN:
$ bin/stress-nss-libwbclient
...
==1639426==ERROR: AddressSanitizer: unknown-crash on address 0x7f3907d85000 at pc 0x7f3907d649fb bp 0x7ffc6545f5b0 sp 0x7ffc6545f5a8
READ of size 4 at 0x7f3907d85000 thread T0
#0 0x7f3907d649fa in winbind_close_sock ../../nsswitch/wb_common.c:220
#1 0x7f3907d65866 in winbind_destructor ../../nsswitch/wb_common.c:246
#2 0x7f3907da5d3d in _dl_fini /usr/src/debug/glibc-2.35-20.fc36.x86_64/elf/dl-fini.c:142
#3 0x7f3907241044 in __run_exit_handlers (/lib64/libc.so.6+0x41044)
#4 0x7f39072411bf in exit (/lib64/libc.so.6+0x411bf)
#5 0x7f3907229516 in __libc_start_call_main (/lib64/libc.so.6+0x29516)
#6 0x7f39072295c8 in __libc_start_main_impl (/lib64/libc.so.6+0x295c8)
#7 0x56236a2042b4 in _start (/data/git/samba/scratch3/bin/default/nsswitch/stress-nss-libwbclient+0x22b4)
Address 0x7f3907d85000 is a wild pointer inside of access range of size 0x000000000004.
SUMMARY: AddressSanitizer: unknown-crash ../../nsswitch/wb_common.c:220 in winbind_close_sock
The pthread key in wb_global_ctx.key is only initialized if
wb_thread_ctx_initialize() is called via get_wb_global_ctx() -> get_wb_thread_ctx().
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Jan 6 15:04:46 UTC 2023 on sn-devel-184
Diffstat (limited to 'nsswitch')
-rw-r--r-- | nsswitch/wb_common.c | 22 |
1 files changed, 17 insertions, 5 deletions
diff --git a/nsswitch/wb_common.c b/nsswitch/wb_common.c index 7ae3a11162d..d569e761ebe 100644 --- a/nsswitch/wb_common.c +++ b/nsswitch/wb_common.c @@ -43,6 +43,7 @@ struct winbindd_context { }; static struct wb_global_ctx { + bool initialized; #ifdef HAVE_PTHREAD pthread_once_t control; pthread_key_t key; @@ -141,16 +142,23 @@ static struct winbindd_context *get_wb_thread_ctx(void) static struct winbindd_context *get_wb_global_ctx(void) { -#ifdef HAVE_PTHREAD - return get_wb_thread_ctx(); -#else - static struct winbindd_context ctx = { + struct winbindd_context *ctx = NULL; +#ifndef HAVE_PTHREAD + static struct winbindd_context _ctx = { .winbindd_fd = -1, .is_privileged = false, .our_pid = 0 }; - return &ctx; #endif + +#ifdef HAVE_PTHREAD + ctx = get_wb_thread_ctx(); +#else + ctx = &_ctx; +#endif + + wb_global_ctx.initialized = true; + return ctx; } void winbind_set_client_name(const char *name) @@ -234,6 +242,10 @@ static void winbind_destructor(void) { struct winbindd_context *ctx; + if (!wb_global_ctx.initialized) { + return; + } + #ifdef HAVE_PTHREAD_H ctx = (struct winbindd_context *)pthread_getspecific(wb_global_ctx.key); if (ctx == NULL) { |