Ubuntu
samba package

nsswitch/libwbclient: memory leak in wbcCtxAuthenticateUserEx

Bug #1795677 reported by Kócsó Balázs
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
samba (Ubuntu)
Triaged
Low
Unassigned

Bug Description

There is a memory leak in nsswitch/libwbclient/wbc_pam.c::wbcCtxAuthenticateUserEx

$ lsb_release -rd
Description: Ubuntu 18.04.1 LTS
Release: 18.04

samba version: 2:4.7.6+dfsg~ubuntu-0ubuntu2.2

Revision history for this message
Kócsó Balázs (kocsob) wrote :
Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "f0e88410bd2528517910f780d71e63f8effb91ef.patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Thanks for filing this bug in Ubuntu and providing a patch.

I don't see this change in samba's upstream git repo, nor can I find it being mentioned in the git log. I checked master and the v4-7-test branch.

Do you have a pointer to an upstream bug, or somewhere where this was reported or fixed?

Changed in samba (Ubuntu):
status: New → Incomplete
Revision history for this message
Kócsó Balázs (kocsob) wrote :

>>> Do you have a pointer to an upstream bug, or somewhere where this was reported or fixed?
No, I do not have. We found the bug in the code and I reported it only here.

Sebastien Bacher (seb128)
Changed in samba (Ubuntu):
status: Incomplete → New
Revision history for this message
Robie Basak (racb) wrote :

What's the impact to users in practice please? Did you detect the leak using some leak detection tool or because it was causing you a practical problem?

The fix needs to be submitted upstream if they don't know about it already. Anyone can do this.

Separately we can add the patch to the Ubuntu development release if it can be verified to be correct, and we can additionally backport the patch to stable Ubuntu releases (eg. 18.04) if the bug is expected to have a real impact to users.

But how much effort we spend on this depends on the bug's actual impact, which is why I'm asking. If it doesn't affect users in practice, then we'll leave this bug tagged for needing reporting upstream but I expect it'll otherwise be left as a non-priority.

Setting Importance to Low for now as we don't have any evidence of this being a problem for users. If we feedback that it's actually a problem we can raise it.

tags: added: needs-upstream-report
Changed in samba (Ubuntu):
importance: Undecided → Low
status: New → Triaged
Revision history for this message
Kócsó Balázs (kocsob) wrote :

>>> What's the impact to users in practice please?
We had a special use case (and we patched locally), so the impact of that is not so high for the users, but we want to report it. I think it is okay if it will be fixed in the upstream.

Brian Murray (brian-murray)
tags: added: bionic dingo
Jeremy Bícha (jbicha)
tags: added: disco
removed: dingo
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Subscribing Andreas to track this with the next Samba merge that contains the fix.

@Kócsó Balázs - you said you had no upstream bug yet, do you mind filing one and mention it here to tracking can be synchronized for distribution and upstream?

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.