Attachment 18020 Details for Bug 15441 – Patch for v4-18-test & v4-17-test backported from master

[patch] Patch for v4-18-test & v4-17-test backported from master

bfixes-v4-18-test-and-v4-17-test.patch (text/plain), 3.29 KB, created by Jones Syue on 2023-08-03 08:05:19 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Jones Syue

Created: 2023-08-03 08:05:19 UTC

Size: 3.29 KB

patch

obsolete

>From b751c35833800fe287cfc7d033d95c8525405cb2 Mon Sep 17 00:00:00 2001
>From: Jones Syue <jonessyue@qnap.com>
>Date: Wed, 2 Aug 2023 09:48:40 +0800
>Subject: [PATCH] vfs_aio_pthread: fix segfault if samba-tool ntacl get
>
>If configured as AD DC and aio_pthread appended into 'vfs objects'[1],
>run these commands would get segfault:
>1. sudo samba-tool ntacl get .
>2. sudo net vfs getntacl sysvol .
>gdb said it goes through aio_pthread_openat_fn() @ vfs_aio_pthread.c[2],
>and the fsp->conn->sconn->client is null (0x0).
>
>'sconn->client' memory is allocated when a new connection is accpeted:
>smbd_accept_connection > smbd_process > smbXsrv_client_create
>While running local commands looks like it would not go through
>smbXsrv_client_create so the 'client' is null, segfault might happen.
>We should not dereference 'client->server_multi_channel_enabled',
>if 'client' is null.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=15441
>
>[1] smb.conf example, samba-4.18.5, ubuntu 22.04.2
>[global]
>        dns forwarder = 127.0.0.53
>        netbios name = U22-JONES-88X1
>        realm = U22-JONES-88X1.X88X1.JONES
>        server role = active directory domain controller
>        workgroup = X88X1
>        idmap_ldb:use rfc2307 = yes
>        vfs objects = dfs_samba4 acl_xattr aio_pthread
>
>[sysvol]
>        path = /var/lib/samba/sysvol
>        read only = No
>
>[netlogon]
>        path = /var/lib/samba/sysvol/u22-jones-88x1.x88x1.jones/scripts
>        read only = No
>
>[2] gdb
>(gdb) run /usr/local/samba/bin/samba-tool ntacl get .
>Starting program: /usr/local/Python3/bin/python3 /usr/local/samba/bin/samba-tool ntacl get .
>[Thread debugging using libthread_db enabled]
>Using host libthread_db library "/lib/libthread_db.so.1".
>
>Program received signal SIGSEGV, Segmentation fault.
>0x00007fffd0eb809e in aio_pthread_openat_fn (handle=0x8d5cc0, dirfsp=0x8c3070, smb_fname=0x18ab4f0, fsp=0x1af3550, flags=196608, mode=0)
>    at ../../source3/modules/vfs_aio_pthread.c:467
>warning: Source file is more recent than executable.
>467             if (fsp->conn->sconn->client->server_multi_channel_enabled) {
>(gdb) bt
>    at ../../source3/modules/vfs_aio_pthread.c:467
>    at ../../source3/smbd/pysmbd.c:320
>---Type <return> to continue, or q <return> to quit---
>(gdb) f
>    at ../../source3/modules/vfs_aio_pthread.c:467
>467             if (fsp->conn->sconn->client->server_multi_channel_enabled) {
>(gdb) p fsp->conn->sconn->client
>$1 = (struct smbXsrv_client *) 0x0
>(gdb)
>
>Signed-off-by: Jones Syue <jonessyue@qnap.com>
>Reviewed-by: Ralph Boehme <slow@samba.org>
>Reviewed-by: Stefan Metzmacher <metze@samba.org>
>(backported from commit 8f4c1c67b4f118a9a47b09ac7908cd3d969b19c2)
>[jonessyue@qnap.com: 4.18/4.17 does not have 3694f2ce sconn->pool checks]
>---
> source3/modules/vfs_aio_pthread.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
>diff --git a/source3/modules/vfs_aio_pthread.c b/source3/modules/vfs_aio_pthread.c
>index 5d051b4..3b5d64c 100644
>--- a/source3/modules/vfs_aio_pthread.c
>+++ b/source3/modules/vfs_aio_pthread.c
>@@ -468,7 +468,8 @@ static int aio_pthread_openat_fn(vfs_handle_struct *handle,
> 		return -1;
> 	}
> 
>-	if (fsp->conn->sconn->client->server_multi_channel_enabled) {
>+	if (fsp->conn->sconn->client != NULL &&
>+	    fsp->conn->sconn->client->server_multi_channel_enabled) {
> 		/*
> 		 * This module is not compatible with multi channel yet.
> 		 */
>-- 
>2.1.4
>

Flags:

metze: review-
slow: review+

Actions: View

Attachments on bug 15441: 18019 | 18020 | 18023