Bug 11535 - Rename requests with invalid stream names cause smbd segfault
Summary: Rename requests with invalid stream names cause smbd segfault
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services (show other bugs)
Version: unspecified
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on: 11522
Blocks:
  Show dependency treegraph
 
Reported: 2015-09-30 17:02 UTC by Ralph Böhme
Modified: 2015-10-12 19:04 UTC (History)
2 users (show)

See Also:

Attachments
git-am fix for 4.3.next, 4.2.next. (2.33 KB, patch)
2015-10-01 17:25 UTC, Jeremy Allison 		slow: review+
Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Ralph Böhme 2015-09-30 17:02:08 UTC 
When receiving an rename request with an invalid stream name we crash in unix_convert() trying to dereference dirpath which has a NULL value. Found by MTM.
Comment 1 Jeremy Allison 2015-09-30 18:32:30 UTC 
Hopefully should be an easy fix. Can you attach the backtrace ?

Jeremy.
Comment 2 Ralph Böhme 2015-09-30 18:49:10 UTC 
I already have the fix, I just needed the bugreport number for the patch. :)
Comment 3 Jeremy Allison 2015-09-30 18:52:03 UTC 
I suspected as much. Please post the patch to samba-technical :-).
Comment 4 Jeremy Allison 2015-10-01 17:25:29 UTC 
Created attachment 11470 [details]
git-am fix for 4.3.next, 4.2.next.

Cherry-pick from master. Depends on the patch from bug:

https://bugzilla.samba.org/show_bug.cgi?id=11522

being applied first.

Jeremy.
Comment 5 Jeremy Allison 2015-10-01 18:09:06 UTC 
Re-assigning to Karolin for inclusion in 4.3.next, 4.2.next.
Comment 6 Karolin Seeger 2015-10-05 07:38:04 UTC 
(In reply to Jeremy Allison from comment #5)
Pushed to autobuild-v4-[3|2]-test.
Comment 7 Karolin Seeger 2015-10-12 19:04:20 UTC 
(In reply to Karolin Seeger from comment #6)
Pushed to both branches.
Closing out bug report.

Thanks!