Bug 10082 - Winbind segfaults looking converting the NBT name of an AD server
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Winbind
Version: 4.1.0rc1
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
Reported: 2013-08-13 06:32 UTC by Andreas Schneider
Modified: 2013-08-19 07:11 UTC
Attachments
v4-1-test patch (1.46 KB, patch)
2013-08-13 12:01 UTC, Andreas Schneider
vl: review+
git-am fix for 4.1.0 (1.15 KB, patch)
2013-08-15 21:18 UTC, Jeremy Allison
no flags

Description Andreas Schneider 2013-08-13 06:32:12 UTC
Winbind segfaults when converting the NBT name of an AD server.

(gdb) backtrace
#0  0x00007f4c2cf6aa19 in raise () from /lib64/libc.so.6
#1  0x00007f4c2cf6c128 in abort () from /lib64/libc.so.6
#2  0x00007f4c2f2f170b in dump_core () at ../source3/lib/dumpcore.c:336
#3  0x00007f4c2f2dbe89 in smb_panic_s3 (why=<optimized out>) at ../source3/lib/util.c:833
#4  0x00007f4c335c0f9f in smb_panic (why=why@entry=0x7f4c335ce5b7 "internal error")
    at ../lib/util/fault.c:159
#5  0x00007f4c335c11b6 in fault_report (sig=<optimized out>) at ../lib/util/fault.c:77
#6  sig_fault (sig=<optimized out>) at ../lib/util/fault.c:88
#7  <signal handler called>
#8  convert_string_error_handle (ic=0x7f4c347ee980, from=CH_DOS, to=CH_UNIX, src=<optimized out>, 
    srclen=<optimized out>, dest=<optimized out>, destlen=256, converted_size=0x7fffa95695a8)
    at ../lib/util/charset/convert_string.c:145
#9  0x00007f4c335c8f64 in convert_string_handle (ic=0x7f4c347ee980, from=from@entry=CH_DOS, 
    to=to@entry=CH_UNIX, src=src@entry=0x7f4c348021d6, srclen=srclen@entry=10, dest=dest@entry=0x0, 
    destlen=destlen@entry=256, converted_size=converted_size@entry=0x7fffa95695a8)
    at ../lib/util/charset/convert_string.c:289
#10 0x00007f4c335c96b6 in convert_string (from=from@entry=CH_DOS, to=to@entry=CH_UNIX, 
    src=src@entry=0x7f4c348021d6, srclen=srclen@entry=10, dest=dest@entry=0x0, 
    destlen=destlen@entry=256, converted_size=converted_size@entry=0x7fffa95695a8)
    at ../lib/util/charset/convert_string.c:499
#11 0x00007f4c29fd8362 in pull_ascii (dest=dest@entry=0x0, src=0x7f4c348021d6, 
    dest_len=dest_len@entry=256, src_len=10, src_len@entry=16, flags=flags@entry=1)
    at ../source3/lib/charcnv.c:125
#12 0x00007f4c29fd8899 in pull_ascii_nstring (dest=dest@entry=0x0, dest_len=dest_len@entry=256, 
    src=<optimized out>) at ../source3/lib/fstring.c:62
#13 0x00007f4c30978c66 in name_status_find (q_name=0x7f4c347ee820 "AD1", q_type=q_type@entry=28, 
    type=type@entry=32, to_ss=to_ss@entry=0x7f4c347fb120, name=0x0)
    at ../source3/libsmb/namequery.c:947
#14 0x00007f4c33e6402e in dcip_to_name (mem_ctx=mem_ctx@entry=0x7f4c347f66c0, 
    domain=domain@entry=0x7f4c347fb070, pss=pss@entry=0x7f4c347fb120, name=name@entry=0x7fffa9569938)
    at ../source3/winbindd/winbindd_cm.c:1213
#15 0x00007f4c33e67666 in find_new_dc (fd=0x7fffa956992c, pss=0x7f4c347fb120, dcname=0x7fffa9569938, 
    domain=0x7f4c347fb070, mem_ctx=0x7f4c347f66c0) at ../source3/winbindd/winbindd_cm.c:1431
#16 cm_open_connection (new_conn=0x7f4c347fb1b0, domain=0x7f4c347fb070)
    at ../source3/winbindd/winbindd_cm.c:1620
#17 init_dc_connection_network (domain=0x7f4c347fb070) at ../source3/winbindd/winbindd_cm.c:1820
#18 0x00007f4c33e68165 in init_dc_connection (domain=domain@entry=0x7f4c347fb070)
    at ../source3/winbindd/winbindd_cm.c:1840
#19 0x00007f4c33e5767a in get_cache (domain=domain@entry=0x7f4c347fb070)
    at ../source3/winbindd/winbindd_cache.c:133
#20 0x00007f4c33e58612 in wcache_name_to_sid (domain=domain@entry=0x7f4c347fb070, 
    domain_name=domain_name@entry=0x7f4c347f6140 "AD1", 
    name=name@entry=0x7f4c347f62e0 "DOMAIN USERS", sid=sid@entry=0x7f4c347f6500, 
    type=type@entry=0x7f4c347f6490) at ../source3/winbindd/winbindd_cache.c:1799
#21 0x00007f4c33e587db in name_to_sid (domain=0x7f4c347fb070, mem_ctx=0x7f4c347f27a0, 
    domain_name=0x7f4c347f6140 "AD1", name=0x7f4c347f62e0 "DOMAIN USERS", flags=0, 
    sid=0x7f4c347f6500, type=0x7f4c347f6490) at ../source3/winbindd/winbindd_cache.c:1850
#22 0x00007f4c33e7814c in _wbint_LookupName (p=p@entry=0x7fffa9569b70, r=r@entry=0x7f4c347f2810)
    at ../source3/winbindd/winbindd_dual_srv.c:104
#23 0x00007f4c33e9e370 in api_wbint_LookupName (p=0x7fffa9569b70)
    at default/source3/librpc/gen_ndr/srv_wbint.c:316
#24 0x00007f4c33e77ee1 in winbindd_dual_ndrcmd (domain=<optimized out>, state=0x7fffa9569de8)
    at ../source3/winbindd/winbindd_dual_ndr.c:322
#25 0x00007f4c33e74d14 in child_process_request (child=<optimized out>, child=<optimized out>, 
    state=0x7fffa9569de8) at ../source3/winbindd/winbindd_dual.c:459
#26 child_handler (ev=<optimized out>, fde=<optimized out>, flags=<optimized out>, 
    private_data=0x7fffa9569de0) at ../source3/winbindd/winbindd_dual.c:1338
#27 0x00007f4c2d54ec5b in epoll_event_loop_once () from /lib64/libtevent.so.0
#28 0x00007f4c2d54d107 in std_event_loop_once () from /lib64/libtevent.so.0
#29 0x00007f4c2d549bcd in _tevent_loop_once () from /lib64/libtevent.so.0
#30 0x00007f4c33e7706a in fork_domain_child (child=0x7f4c347f5d90)
    at ../source3/winbindd/winbindd_dual.c:1553
#31 0x00007f4c33e77725 in wb_child_request_trigger (req=0x7f4c347fa360, private_data=<optimized out>)
    at ../source3/winbindd/winbindd_dual.c:146
#32 0x00007f4c2d54a3f4 in tevent_common_loop_immediate () from /lib64/libtevent.so.0
#33 0x00007f4c2d54ea17 in epoll_event_loop_once () from /lib64/libtevent.so.0
#34 0x00007f4c2d54d107 in std_event_loop_once () from /lib64/libtevent.so.0
#35 0x00007f4c2d549bcd in _tevent_loop_once () from /lib64/libtevent.so.0
#36 0x00007f4c33e46b92 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>)
    at ../source3/winbindd/winbindd.c:1582
(gdb)
Comment 1 Andreas Schneider 2013-08-13 12:01:19 UTC
Created attachment 9129
v4-1-test patch
Comment 2 Karolin Seeger 2013-08-14 08:58:49 UTC
Pushed to autobuild-v4-1-test.
Comment 3 Jeremy Allison 2013-08-15 21:18:03 UTC
Created attachment 9137
git-am fix for 4.1.0

Additional patch needed. This is the version that went into master.

Jeremy.
Comment 4 Karolin Seeger 2013-08-16 06:52:55 UTC
(In reply to comment #3)
> Created attachment 9137
> git-am fix for 4.1.0
> 
> Additional patch needed. This is the version that went into master.
> 
> Jeremy.

Pushed to autobuild-v4-1-test.
Comment 5 Karolin Seeger 2013-08-19 07:11:18 UTC
Pushed to v4-1-test.
Closing out bug report.

Thanks!