Bug 15807 - pysmbd seg faults when file is not found
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Other
Version: 4.22.0rc1
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Jule Anger
QA Contact: Samba QA Contact
Reported: 2025-02-12 14:58 UTC by Björn Baumbach
Modified: 2025-02-20 13:03 UTC

Attachments
v4.22 fix cherry-picked from master (3.23 KB, patch)
2025-02-17 14:13 UTC, Björn Baumbach
bbaumbach: review+
vl: review+

Description Björn Baumbach 2025-02-12 14:58:35 UTC
# valgrind samba-tool ntacl get filedoesnotexist

INTERNAL ERROR: Signal 11: Segmentation fault in  () () pid 1206907 (4.22.0rc1-SerNet-2ubuntu24.04)

==178062== Invalid read of size 8
==178062==    at 0xBD3499C: mangle_is_8_3 (mangle.c:95)
==178062==    by 0xBCC20A6: filename_convert_normalize_new (filename.c:567)
==178062==    by 0xBCC20A6: filename_convert_dirfsp_nosymlink (filename.c:922)
==178062==    by 0xBCC2A52: filename_convert_dirfsp_rel (filename.c:1093)
==178062==    by 0xBCC5CD6: fd_openat (open.c:558)
==178062==    by 0xBCA03F2: openat_pathref_fullname (files.c:434)
==178062==    by 0xBCA2E35: openat_pathref_fsp (files.c:542)
==178062==    by 0xB67C1DC: get_nt_acl_conn (pysmbd.c:317)
==178062==    by 0xB67C1DC: py_smbd_get_nt_acl (pysmbd.c:892)
==178062==    by 0x58201E: ??? (in /usr/bin/python3.12)
==178062==    by 0x54901D: _PyObject_MakeTpCall (in /usr/bin/python3.12)
==178062==    by 0x5D7498: _PyEval_EvalFrameDefault (in /usr/bin/python3.12)
==178062==    by 0x54CB73: ??? (in /usr/bin/python3.12)
==178062==    by 0x54B184: PyObject_Call (in /usr/bin/python3.12)
==178062==  Address 0x18 is not stack'd, malloc'd or (recently) free'd
==178062==

Have patch, need bug number.
Comment 2 Samba QA Contact 2025-02-14 16:19:13 UTC
This bug was referenced in samba master:

0a9946258eb4587f5c132805d7c44062c377f375
334f621e4b74e9cda735982e223aefc7eefb4631
Comment 3 Björn Baumbach 2025-02-17 14:13:53 UTC
Created attachment 18569
v4.22 fix cherry-picked from master
Comment 4 Jule Anger 2025-02-20 10:13:15 UTC
Pushed to autobuild-v4-22-test.
Comment 5 Samba QA Contact 2025-02-20 11:23:21 UTC
This bug was referenced in samba v4-22-test:

836ff80b95403519f6ea925d3c45fcf191bc41d1
78ed8d3a985654a7982e63accded24ddcb5fd378
Comment 6 Jule Anger 2025-02-20 12:53:07 UTC
Closing out bug report.

Thanks!
Comment 7 Samba QA Contact 2025-02-20 13:03:35 UTC
This bug was referenced in samba v4-22-stable (Release samba-4.22.0rc3):

836ff80b95403519f6ea925d3c45fcf191bc41d1
78ed8d3a985654a7982e63accded24ddcb5fd378