Bug 14333 - [smbclient] segfaults when "smb encrypt = desired" configuration option is set
Status: RESOLVED WORKSFORME
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Tools
Version: 4.12.0
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: Samba QA Contact
 
Reported: 2020-04-01 19:28 UTC by Jelle van der Waa
Modified: 2022-01-05 16:47 UTC

Description Jelle van der Waa 2020-04-01 19:28:04 UTC
I've compiled and uploaded samba 4.12.0 for Arch Linux's [testing] repository and noticed that smbclient/smbtree segfaults with a specific smb.conf using

[global]
  smb encrypt = desired

A coredump/traceback is available if required. Samba is compiled as follows: https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/samba#n42

[root@arch-samba ~]# smbclient -L localhost -U%
Segmentation fault (core dumped)

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7ae3d04 in smb2_signing_decrypt_pdu () from /usr/lib/samba/libcli-smb-common-samba4.so
(gdb) bt full
#0  0x00007ffff7ae3d04 in smb2_signing_decrypt_pdu () from /usr/lib/samba/libcli-smb-common-samba4.so
No symbol table info available.
#1  0x00007ffff7ae8e8a in ?? () from /usr/lib/samba/libcli-smb-common-samba4.so
No symbol table info available.
#2  0x00007ffff7aebbd7 in ?? () from /usr/lib/samba/libcli-smb-common-samba4.so
No symbol table info available.
#3  0x00007ffff701f4f0 in ?? () from /usr/lib/samba/libsmb-transport-samba4.so
No symbol table info available.
#4  0x00007ffff715e02e in tevent_common_invoke_fd_handler () from /usr/lib/libtevent.so.0
No symbol table info available.
#5  0x00007ffff71644e8 in ?? () from /usr/lib/libtevent.so.0
No symbol table info available.
#6  0x00007ffff71625f9 in ?? () from /usr/lib/libtevent.so.0
No symbol table info available.
#7  0x00007ffff715d715 in _tevent_loop_once () from /usr/lib/libtevent.so.0
No symbol table info available.
#8  0x00007ffff715ef04 in tevent_req_poll () from /usr/lib/libtevent.so.0
No symbol table info available.
#9  0x00007ffff71c83e0 in tevent_req_poll_ntstatus () from /usr/lib/libtevent-util.so.0
No symbol table info available.
#10 0x00007ffff7eacba6 in cli_tree_connect () from /usr/lib/samba/liblibsmb-samba4.so
No symbol table info available.
#11 0x00007ffff7ec9470 in ?? () from /usr/lib/samba/liblibsmb-samba4.so
No symbol table info available.
#12 0x00007ffff7ec99b1 in ?? () from /usr/lib/samba/liblibsmb-samba4.so
No symbol table info available.
#13 0x00007ffff7ec9b57 in cli_cm_open () from /usr/lib/samba/liblibsmb-samba4.so
No symbol table info available.
#14 0x000055555555cbf8 in main ()
No symbol table info available.


Unrelated: smbtree -b -N seems to segfault regardless
[root@arch-samba ~]# smbtree -b -N
free(): double free detected in tcache 2
Aborted (core dumped)
Comment 1 Björn Jacke 2022-01-05 16:47:40 UTC
I can't reproduce this with current 4.15.3. If you still see that problem with 4.15, please reopen the bug with your config and detailed steps to reproduce.