Bug 13315 - Samba segfault with NT1 connections in smbXsrv_session_create()
Summary: Samba segfault with NT1 connections in smbXsrv_session_create()
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services
Version: 4.8.0rc2
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-03-01 14:01 UTC by Andreas Schneider
Modified: 2019-05-23 05:48 UTC

See Also:


Attachments
patch for 4.8 (4.10 KB, patch), 2018-03-02 08:14 UTC, Andreas Schneider, jra: review+
patch for 4.7 (4.10 KB, patch), 2018-03-02 08:15 UTC, Andreas Schneider, jra: review+
patch for 4.6 (4.10 KB, patch), 2018-03-02 08:15 UTC, Andreas Schneider, jra: review+

Description Andreas Schneider 2018-03-01 14:01:01 UTC
Samba segfault with NT1 connections in smbXsrv_session_create()

#6  sig_fault (sig=<optimized out>) at ../lib/util/fault.c:94
#7  <signal handler called>
#8  smbXsrv_session_create (conn=conn@entry=0x5654d3512af0, now=now@entry=131594481870263270, _session=_session@entry=0x7ffc93a778e8)
    at ../source3/smbd/smbXsrv_session.c:1212
#9  0x00007f7618aa21ef in reply_sesssetup_and_X (req=req@entry=0x5654d3517490) at ../source3/smbd/sesssetup.c:961
#10 0x00007f7618ae17b0 in switch_message (type=<optimized out>, req=req@entry=0x5654d3517490) at ../source3/smbd/process.c:1726
#11 0x00007f7618ae3550 in construct_reply (deferred_pcd=0x0, encrypted=false, seqnum=0, unread_bytes=0, size=103, inbuf=0x0, xconn=0x5654d3514ee0)
    at ../source3/smbd/process.c:1762


Patch will follow.
Comment 1 Andreas Schneider 2018-03-02 08:14:48 UTC
Created attachment 14012
patch for 4.8
Comment 2 Andreas Schneider 2018-03-02 08:15:06 UTC
Created attachment 14013
patch for 4.7
Comment 3 Andreas Schneider 2018-03-02 08:15:23 UTC
Created attachment 14014
patch for 4.6
Comment 4 Jeremy Allison 2018-03-02 18:34:23 UTC
Re-assigning to Karolin for inclusion in 4.8.0rcNext, 4.7.next, 4.6.next.
Comment 5 Stefan Metzmacher 2018-03-07 14:13:33 UTC
Pushed to autobuild-v4-8-test.
Comment 6 Stefan Metzmacher 2018-03-08 12:33:16 UTC
Pushed to v4-8-test.
Pushed to autobuild-v4-{6,7}-test.
Comment 7 Stefan Metzmacher 2018-03-13 13:25:21 UTC
Pushed to v4-{6,7}-test.
Comment 8 Andreas Hasenack 2019-05-22 20:34:44 UTC
Is there a simple reproducer for this?
Comment 9 Andreas Schneider 2019-05-23 05:48:41 UTC
I don't have a reproducer for this. I've just had the backtraces and followed the code.