Bug 10426 - smbd crashed when setting windows acl
Summary: smbd crashed when setting windows acl
Alias: None
Product: Samba 3.6
Classification: Unclassified
Component: File services (show other bugs)
Version: 3.6.16
Hardware: x64 Linux
: P5 normal
Target Milestone: ---
Assignee: Volker Lendecke
QA Contact: Samba QA Contact
Depends on:
Reported: 2014-02-07 01:29 UTC by yanhuan
Modified: 2021-03-03 17:39 UTC (History)
0 users

See Also:

level 10 log.smbd (200.19 KB, application/octet-stream)
2014-02-07 01:30 UTC, yanhuan
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description yanhuan 2014-02-07 01:29:27 UTC
My smbd crashed when setting windows acl, my samba version is 3.6.16, here is a small piece of log.smbd:

[2014/01/23 10:24:06.204184, 10] smbd/posix_acls.c:848(print_canon_ace_list)
print_canon_ace_list: file ace - before deny
canon_ace index 0. Type = deny SID = S-1-5-7 gid 16777223 (16777223) SMB_ACL_GROUP ace_flags = 0x0 perms rwx
canon_ace index 1. Type = deny SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms rwx
*** glibc detected *** smbd: malloc(): memory corruption: 0x00002b0acaeb21c0 ***

The program went to the codes posix_acls.c:process_deny_list below:
if (curr_ace->perms == ALL_ACE_PERMS) {

* Optimisation. This is a DENY_ALL to Everyone. Truncate the
* list at this point including this entry.

canon_ace *prev_entry = DLIST_PREV(curr_ace);

free_canon_ace_list( curr_ace );
if (prev_entry)
DLIST_REMOVE(ace_list, prev_entry);
else {
/* We deleted the entire list. */
ace_list = NULL;

I think we should set prev_entry->next = NULL and ace_list->prev = curr_ace->prev before calling free_canon_ace_list.
But I want more, as this is a DENY_ALL to everyone, it would be OK to remove the entire list. I rewrite the codes below:
ace_list = NULL;
Please let me know if I am right. Thank you.

I enabled windows acl with parameters below:
vfs objects=acl_xattr 
map acl inherit=yes 
inherit acls=yes 
store dos attributes=yes
dos filemode=yes
ea support=yes
Comment 1 yanhuan 2014-02-07 01:30:45 UTC
Created attachment 9650 [details]
level 10 log.smbd
Comment 2 Björn Jacke 2021-03-03 17:39:01 UTC
I think this is not a problem with recent samba versions, I haven't seen such a crash in the last couple of years. Can you confirm this is also working for you these days?