URL:
https://github.com/SSSD/sssd/pull/127
Title: #127: ssh: use cache_req
jhrozek commented:
"""
There is a bug when looking up keys for a user from a trusted domain:
```
==3945== Invalid read of size 8
==3945== at 0x4100FE: sss_dp_callback_destructor (responder_dp.c:61)
==3945== by 0x9019C0F: ??? (in /usr/lib64/libtalloc.so.2.1.8)
==3945== by 0x901B7F0: _talloc_free (in /usr/lib64/libtalloc.so.2.1.8)
==3945== by 0x77D4DBF: tevent_req_received (in /usr/lib64/libtevent.so.0.9.30)
==3945== by 0x77D4DF8: ??? (in /usr/lib64/libtevent.so.0.9.30)
==3945== by 0x9019C0F: ??? (in /usr/lib64/libtalloc.so.2.1.8)
==3945== by 0x9019694: ??? (in /usr/lib64/libtalloc.so.2.1.8)
==3945== by 0x901B7F0: _talloc_free (in /usr/lib64/libtalloc.so.2.1.8)
==3945== by 0x77D4DBF: tevent_req_received (in /usr/lib64/libtevent.so.0.9.30)
==3945== by 0x77D4DF8: ??? (in /usr/lib64/libtevent.so.0.9.30)
==3945== by 0x901BADF: _talloc_free (in /usr/lib64/libtalloc.so.2.1.8)
==3945== by 0x405F97: ssh_cmd_get_user_pubkeys_done (ssh_cmd.c:134)
==3945== Address 0xb687390 is 688 bytes inside a block of size 797 free'd
==3945== at 0x4C2ED4A: free (vg_replace_malloc.c:530)
==3945== by 0x901B89A: _talloc_free (in /usr/lib64/libtalloc.so.2.1.8)
==3945== by 0x411047: sss_dp_req_done (responder_dp.c:408)
==3945== by 0x411E34: sss_dp_internal_get_done (responder_dp.c:840)
==3945== by 0x5728391: ??? (in /usr/lib64/libdbus-1.so.3.16.3)
==3945== by 0x572BCDE: dbus_connection_dispatch (in /usr/lib64/libdbus-1.so.3.16.3)
==3945== by 0x4E8A4E8: sbus_dispatch (sssd_dbus_connection.c:96)
==3945== by 0x77D84FF: tevent_common_loop_timer_delay (in
/usr/lib64/libtevent.so.0.9.30)
==3945== by 0x77D9518: ??? (in /usr/lib64/libtevent.so.0.9.30)
==3945== by 0x77D7C06: ??? (in /usr/lib64/libtevent.so.0.9.30)
==3945== by 0x77D3ABC: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.30)
==3945== by 0x77D3CEA: tevent_common_loop_wait (in /usr/lib64/libtevent.so.0.9.30)
==3945== Block was alloc'd at
==3945== at 0x4C2DB9D: malloc (vg_replace_malloc.c:299)
==3945== by 0x901F2BB: _talloc_pooled_object (in /usr/lib64/libtalloc.so.2.1.8)
==3945== by 0x77D4ACC: _tevent_req_create (in /usr/lib64/libtevent.so.0.9.30)
==3945== by 0x4118B9: sss_dp_internal_get_send (responder_dp.c:689)
==3945== by 0x410C5F: sss_dp_issue_request (responder_dp.c:334)
==3945== by 0x411351: sss_dp_get_account_send (responder_dp.c:528)
==3945== by 0x41A0CB: cache_req_user_by_upn_dp_send (cache_req_user_by_upn.c:102)
==3945== by 0x418266: cache_req_search_dp (cache_req_search.c:289)
==3945== by 0x417FDB: cache_req_search_send (cache_req_search.c:232)
==3945== by 0x416912: cache_req_next_domain (cache_req.c:544)
==3945== by 0x416D00: cache_req_done (cache_req.c:693)
==3945== by 0x77D4473: tevent_common_loop_immediate (in
/usr/lib64/libtevent.so.0.9.30)
```
"""
See the full comment at
https://github.com/SSSD/sssd/pull/127#issuecomment-276367683