If the server comment, contained in the smb.conf parameter "server string", contains a single quote, the server disappears from the browse list. This problem appeared between 3.0.1RC1 and 3.0.1RC2. I have not reported this earlier because I was unable to determine whether the disappearing server was caused by an actual bug or something had changed in the config that I missed. I am now able to reproduce the error consistently from 3.0.1RC2 up until 3.0.2RC1. Both the binary builds from ie.samba.org and "home grown" rpms exhibit this behavior. PII, PIII and athlon machines all have this problem. I use redhat9, fully patched with all official RedHat patches on all machines.
The problem also occurs if you put a single quote in the description of a W2K client. The description/server string shows up properly in browse.dat, in other words, the problem does not appear to be in the receiving of the description.
This problem persists in 3.02 and 3.02a. It seems that it may be a bit more serious than reported. I've found that invalid characters in the Windows XP or 2000 registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameter\srv comment can cause strange behavior of the Samba server itself. This is the key that stores the "server string". While I was testing it last night, I noticed that if I included the | symbol in combination with other odd symbols including a "'", I could cause the server to dump the string buffer back to the workstations on the network, which caused the workstation to lock up browsing the network. It seems the "server string" value is being treated, at least by nmbd, as a trusted and properly formed text string, and there is no checking to see if that is so. Also, since anyone with a small bit of information can edit this registry key on their workstation, there is no way to enforce integrity of this value. I'm not sure if this is a security problem, but it definitely can cause an overflow condition which could lead to a security problem. Not being familiar with the samba code (and not a great C programmer), I don't know where to start looking for the problem, but it should be addressed.
*** Bug 1006 has been marked as a duplicate of this bug. ***
*** Bug 1104 has been marked as a duplicate of this bug. ***
Bug 1221 has a patch. Closing this one. *** This bug has been marked as a duplicate of 1221 ***
database cleanup