15973 – smbpasswd can crash winbindd on an AD DC

Bug 15973 - smbpasswd can crash winbindd on an AD DC

Summary: smbpasswd can crash winbindd on an AD DC

Status:	RESOLVED FIXED

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	Winbind (show other bugs)
Version:	4.23.3
Hardware:	All All

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	Samba release manager
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2026-01-20 10:11 UTC by Ralph Böhme
Modified:	2026-05-29 13:11 UTC (History)
CC List:	4 users (show)

See Also:	https://lists.samba.org/archive/samba-technical/2026-January/140590.html

Attachments
Patch for v4-24-test (5.68 KB, text/plain) 2026-04-28 13:11 UTC, Stefan Metzmacher	vl: review+	Details
Patch for v4-23-test (5.68 KB, text/plain) 2026-04-28 13:11 UTC, Stefan Metzmacher	vl: review+	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Ralph Böhme 2026-01-20 10:11:43 UTC

#7  <signal handler called>
No symbol table info available.
#8  0x000000000043f47c in cm_connect_netlogon_transport (domain=domain@entry=0x17cd180, transport=transport@entry=NCACN_IP_TCP, cli=cli@entry=0x7ffccd40ed00) at ../../source3/winbindd/winbindd_cm.c:3216
        msg_ctx = 0x171a7a0
        conn = 0x17cd2d8
        result = {v = 0}
        sec_chan_type = <optimized out>
        creds = 0x0
        remote_name = 0x0
        remote_sockaddr = 0x0
        __func__ = "cm_connect_netlogon_transport"
        __FUNCTION__ = "cm_connect_netlogon_transport"

That is in

    remote_name = smbXcli_conn_remote_name(conn->cli->conn);

For some reason conn->cli is NULL.

Problem is triggered by the client sending the DC name as domain and the DC password check code then forwards the request to winbindd.

Comment 1 Samba QA Contact 2026-04-28 11:50:03 UTC

This bug was referenced in samba master:

38a9910ac99a015a3dac76b93f02d16e140c05e6
34c4ab4c610960ba587659e077608778970363a0
b4e612725f9fe11f1791bd170cef8b0dade45ba6

Comment 2 Stefan Metzmacher 2026-04-28 13:11:35 UTC

Created attachment 18953 [details]
Patch for v4-24-test

Comment 3 Stefan Metzmacher 2026-04-28 13:11:57 UTC

Created attachment 18954 [details]
Patch for v4-23-test

Comment 4 Samba QA Contact 2026-05-12 14:57:11 UTC

This bug was referenced in samba v4-24-test:

4a44dbcb6b12aa23703c6b890387cc6eb5c21306
a4e5227a5d5e8fb4bd08e70e0435b7371af58e6c
55cebee139a4fb20b116e8bf76190cb4bf014ddc

Comment 5 Samba QA Contact 2026-05-12 15:54:47 UTC

This bug was referenced in samba v4-24-stable (Release samba-4.24.2):

4a44dbcb6b12aa23703c6b890387cc6eb5c21306
a4e5227a5d5e8fb4bd08e70e0435b7371af58e6c
55cebee139a4fb20b116e8bf76190cb4bf014ddc

Comment 6 Samba QA Contact 2026-05-28 01:38:03 UTC

This bug was referenced in samba v4-23-test:

c0607a2fc9f886aa945e467afa88f5d1baa41b86
34c6989c17cf5daefc73a171864a377b5603c082
38a25047bba69c03f9e2d5f2572ecee303ac2361