Bug 2338 - OS/2 xcopy to samba share - samba panics, if configure option --enable-developer is used
Status: CLOSED FIXED
Product: Samba 3.0
Classification: Unclassified
Component: File Services
Version: 3.0.9
Hardware: All OS/2
Importance: P3 normal
Assigned To: Jim McDonough
QA Contact: Samba QA Contact
Reported: 2005-02-12 19:50 UTC by Guenter Kukkukk
Modified: 2005-08-24 10:22 UTC (History)
Description Guenter Kukkukk 2005-02-12 19:50:11 UTC
When the os2 xcopy command is used to copy files to a samba share,
samba panics, if the configure option --enable-developer has been used:

[2005/02/13 01:45:31, 0] lib/util.c:smb_panic2(1503)
  BACKTRACE: 12 stack frames:
   #0 /usr/sbin/smbd(smb_panic2+0x2c7) [0x825cb3f]
   #1 /usr/sbin/smbd(smb_panic+0x25) [0x825c872]
   #2 /usr/sbin/smbd(error_packet+0xf0) [0x81082c1]
   #3 /usr/sbin/smbd(set_bad_path_error+0x11e) [0x80d6b62]
   #4 /usr/sbin/smbd(reply_open_and_X+0x6a2) [0x80b865b]
   #5 /usr/sbin/smbd [0x810318e]
   #6 /usr/sbin/smbd [0x8103275]
   #7 /usr/sbin/smbd(process_smb+0x26f) [0x81036af]
   #8 /usr/sbin/smbd(smbd_process+0x233) [0x81046d1]
   #9 /usr/sbin/smbd(main+0x9f6) [0x82fa265]
   #10 /lib/tls/libc.so.6(__libc_start_main+0xe0) [0x402b1500]
   #11 /usr/sbin/smbd [0x807a521]

Background:
in file .../smbd/open.c -> function files_struct *open_file_shared1()

around line 1055 in the svn build 5369:
...
  /* this is for OS/2 EAs - try and say we don't support them */
  if (strstr(fname,".+,;=[].")) {
    unix_ERR_class = ERRDOS;
    /* OS/2 Workplace shell fix may be main code stream in a later release. */
#if 1 /* OS2_WPS_FIX - Recent versions of OS/2 need this. */
    unix_ERR_code = ERRcannotopen;
#else /* OS2_WPS_FIX */
    unix_ERR_code = ERROR_EAS_NOT_SUPPORTED;
#endif /* OS2_WPS_FIX */

    DEBUG(5,("open_file_shared: OS/2 EA's are not supported.\n"));
    file_free(fsp);
    return NULL;
  }
...

The above stuff is misleading and the implementation is incomplete.
It should be replaced by the following:

  /* this is for OS/2 - check for long filename support */
  if (strstr(fname,".+,;=[].")) {
    unix_ERR_class = ERRDOS;
    unix_ERR_code = ERRcannotopen;
    unix_ERR_ntstatus = NT_STATUS_OBJECT_NAME_NOT_FOUND; /* also needed */
    errno = 0;   /* any value should be fine, but _not_ ENOENT !! */
    file_free(fsp);
    return NULL;
  }

Returning NULL at this point of execution needs extreme care to not
confuse the caller of this function.
The intention of the developer was to return an SMB packet with
    unix_ERR_class = ERRDOS;
    unix_ERR_code = ERRcannotopen;
but that goal is not hit in the original code.
The problem is "errno", which is checked by the caller on NULL return
(mostly) for ENOENT.
If it is ENOENT, then the intended
    unix_ERR_class = ERRDOS;
    unix_ERR_code = ERRcannotopen;
are not honored the right way - and the further program flow is
completely wrong.
So "errno" must be set to something != ENOENT (here 0 is used).

btw - samba panics, because some variables are set wrong:

error.c -> function int error_packet ()
....
#if defined(DEVELOPER)
  if (unix_ERR_class != SMB_SUCCESS || unix_ERR_code != 0 || !NT_STATUS_IS_OK(unix_ERR_ntstatus))
    smb_panic("logic error in error processing");
#endif
....

The above change should solve all these problems.
btw - I have analyzed the (wrong) program flow and have prepared a paper
about that. If it's needed, please drop me a note.

Best wishes to the samba team.

Guenter Kukkukk
Entwicklungsbuero fuer Informationstechnologien
Damaschkestr. 24
10711 Berlin - Germany
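
A simplified model of the control flow described in the report above, added here as an illustration; it is not Samba source and not the reporter's analysis. All model_* / MODEL_* names, the constant values and the stale ENOENT are assumptions, and unix_ERR_ntstatus is left out to keep the model small.

```c
/* Simplified model, NOT Samba source. All model_* / MODEL_* names are hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
enum { MODEL_SUCCESS = 0, MODEL_ERRDOS = 1, MODEL_ERRcannotopen = 110 }; /* constructed values */
enum { MODEL_OPENED, MODEL_SENT_OVERRIDE, MODEL_SENT_BADPATH, MODEL_PANIC };
/* Side-channel error state, in the role of unix_ERR_class / unix_ERR_code. */
static int model_err_class, model_err_code, model_handle;

/* Callee: rejects the OS/2 probe name; clear_errno != 0 selects the proposed fix. */
static void *model_open(const char *fname, int clear_errno)
{
    if (strstr(fname, ".+,;=[].")) {
        model_err_class = MODEL_ERRDOS;
        model_err_code = MODEL_ERRcannotopen;
        if (clear_errno)
            errno = 0;              /* any value except ENOENT */
        return NULL;
    }
    return &model_handle;
}

/* Developer-build style check: the globals must be clear when a generic error is built. */
static int model_error_packet(void)
{
    if (model_err_class != MODEL_SUCCESS || model_err_code != 0)
        return MODEL_PANIC;
    return MODEL_SENT_BADPATH;
}

/* Caller: on a NULL return, errno alone selects the error path. */
static int model_reply_open(const char *fname, int clear_errno)
{
    model_err_class = MODEL_SUCCESS;
    model_err_code = 0;
    errno = ENOENT;                 /* assumption: stale value left by an earlier lookup */
    if (model_open(fname, clear_errno) != NULL)
        return MODEL_OPENED;
    if (errno == ENOENT)
        return model_error_packet();    /* bad-path branch never consumes the override */
    model_err_class = MODEL_SUCCESS;    /* override branch consumes and resets the globals */
    model_err_code = 0;
    return MODEL_SENT_OVERRIDE;
}

int main(void)
{
    printf("unfixed=%d fixed=%d\n", model_reply_open("a.+,;=[].", 0), model_reply_open("a.+,;=[].", 1));
    return 0;
}
```

With the stale ENOENT left in place the model reaches the panic check; with errno cleared in the callee the override code is the one that gets sent.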
Comment 1 Jim McDonough 2005-03-17 07:31:22 UTC
Updated with your patch.  Thanks!
Comment 2 Gerald (Jerry) Carter 2005-08-24 10:22:04 UTC
sorry for the same, cleaning up the database to prevent unnecessary reopens of bugs.