From 20d3911c1422d5c0144b62dc66d38dba7f8b2876 Mon Sep 17 00:00:00 2001 From: Jones Syue Date: Mon, 28 Sep 2020 09:10:03 +0800 Subject: [PATCH] interface: fix if_index is not parsed correctly Replace probed_ifaces[i] with ifs. In SDC 2020 SMB3 Virtual IO Lab, run Windows Protocol Test Suite to test FileServer multichannel test cases. Samba server has 2 virtual interfaces for VPN connection: > name=tun2001, ip/mask=192.168.144.9/22 > name=tun2002, ip/mask=192.168.144.10/22 test suite client can ping these 2 ip addresses and browse shares. Then client try to use IOCTL FSCTL_QUERY_NETWORK_INTERFACE_INFO to get the virtual ip addresses of samba server, but samba server responded it without the virtual ip addresses. My VPN setup is point-to-point and the virtual interfaces 'tun2001' & 'tun2002' are without flag IFF_BROADCAST. So edit smb.conf and add "interfaces = ${virtual_ip}/${mask_length};if_index=${id}", like this: > interfaces = eth4 eth8 eth11 eth10 qvs0 "192.168.144.9/22;if_index=50" "192.168.144.10/22;if_index=51" then samba server IOCTL response could return the virtual ip addresses, but found a issue: the interface index of virtual ip addresses is always 4294967295 (0xFFFFFFFF, -1). Quote Metze: https://gitlab.com/samba-team/devel/samba/-/commit/6cadb55d975a6348a417caed8b3258f5be2acba4#note_419181789 This looks good, I think that also explains the possible memory corruption/crash I mentioned in the bug report. As 'i' is most likely the same as 'total_probed' and probed_ifaces[i] is not valid, so we overwrite unrelated memory. Later I see 'realloc(): invalid pointer' and this backtrace: BACKTRACE: #0 log_stack_trace + 0x29 [ip=0x7f2f1b6fffa9] [sp=0x7ffcd0ab53e0] #1 smb_panic + 0x11 [ip=0x7f2f1b700301] [sp=0x7ffcd0ab5d10] #2 sig_fault + 0x54 [ip=0x7f2f1b7004f4] [sp=0x7ffcd0ab5e20] #3 funlockfile + 0x50 [ip=0x7f2f17ce6dd0] [sp=0x7ffcd0ab5ec0] #4 gsignal + 0x10f [ip=0x7f2f1794970f] [sp=0x7ffcd0ab6b90] #5 abort + 0x127 [ip=0x7f2f17933b25] [sp=0x7ffcd0ab6cb0] #6 __libc_message + 0x297 [ip=0x7f2f1798c897] [sp=0x7ffcd0ab6de0] #7 malloc_printerr + 0x1c [ip=0x7f2f17992fdc] [sp=0x7ffcd0ab6ef0] #8 realloc + 0x23a [ip=0x7f2f17997f6a] [sp=0x7ffcd0ab6f00] #9 _talloc_realloc + 0xee [ip=0x7f2f1a365d2e] [sp=0x7ffcd0ab6f50] #10 messaging_filtered_read_send + 0x18c [ip=0x7f2f1a10f54c] [sp=0x7ffcd0ab6fb0] #11 messaging_read_send + 0x55 [ip=0x7f2f1a10f705] [sp=0x7ffcd0ab7000] #12 smb2srv_session_table_init + 0x83 [ip=0x7f2f1b3a6cd3] [sp=0x7ffcd0ab7040] #13 smbXsrv_connection_init_tables + 0x2d [ip=0x7f2f1b373f4d] [sp=0x7ffcd0ab7060] #14 smbd_smb2_request_process_negprot + 0x827 [ip=0x7f2f1b38cb47] [sp=0x7ffcd0ab7080] #15 smbd_smb2_request_dispatch + 0x19db [ip=0x7f2f1b38921b] [sp=0x7ffcd0ab71d0] #16 smbd_smb2_process_negprot + 0x298 [ip=0x7f2f1b38bb38] [sp=0x7ffcd0ab7260] #17 process_smb + 0x2ca [ip=0x7f2f1b37537a] [sp=0x7ffcd0ab72b0] #18 smbd_server_connection_read_handler + 0xd0 [ip=0x7f2f1b376420] [sp=0x7ffcd0ab7350] BUG: https://bugzilla.samba.org/show_bug.cgi?id=14514 Signed-off-by: Jones Syue Reviewed-by: Ralph Boehme Reviewed-by: Stefan Metzmacher (cherry picked from commit b78ff5717654064c8a4facc54a8e9833e5843c21) --- source3/lib/interface.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/lib/interface.c b/source3/lib/interface.c index 35cfc5eee62b..c21580244ff6 100644 --- a/source3/lib/interface.c +++ b/source3/lib/interface.c @@ -617,7 +617,7 @@ static void interpret_interface(char *token) ifs.netmask = ss_mask; ifs.bcast = ss_bcast; if (if_index_set) { - probed_ifaces[i].if_index = if_index; + ifs.if_index = if_index; } if (speed_set) { ifs.linkspeed = speed; -- 2.17.1