Bug 2863 - free() memory bug
Summary: free() memory bug
Status: CLOSED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: File Services (show other bugs)
Version: 3.0.14a
Hardware: x86 Linux
: P3 normal
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-07-08 04:18 UTC by david rigler
Modified: 2005-08-24 10:26 UTC (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description david rigler 2005-07-08 04:18:56 UTC 
*** glibc detected *** /usr/sbin/smbd: free(): invalid pointer: 0x00c617f0 ***
======= Backtrace: =========
/lib/libc.so.6[0xae6424]
/lib/libc.so.6(__libc_free+0x77)[0xae695f]
/lib/libcom_err.so.2(remove_error_table+0x4b)[0x138abb]
/usr/lib/libkrb5.so.3[0xbff823]
/usr/lib/libkrb5.so.3[0xbff5c7]
/usr/lib/libkrb5.so.3[0xc503ba]
/lib/ld-linux.so.2[0x8e2058]
/lib/libc.so.6(exit+0xc5)[0xaadc69]
/usr/sbin/smbd(exit_server+0x25c)[0x4afae6]
/usr/sbin/smbd(main+0x995)[0x4b06a1]
/lib/libc.so.6(__libc_start_main+0xc6)[0xa97de6]
/usr/sbin/smbd[0x2ae4f1]
======= Memory map: ========
00111000-00134000 r-xp 00000000 fd:00 4413501    /usr/lib/libk5crypto.so.3.0
00134000-00135000 rwxp 00023000 fd:00 4413501    /usr/lib/libk5crypto.so.3.0
00135000-00137000 r-xp 00000000 fd:00 4284162    /usr/lib/libkrb5support.so.0.0
00137000-00138000 rwxp 00001000 fd:00 4284162    /usr/lib/libkrb5support.so.0.0
00138000-0013a000 r-xp 00000000 fd:00 5384802    /lib/libcom_err.so.2.1
0013a000-0013b000 rwxp 00001000 fd:00 5384802    /lib/libcom_err.so.2.1
0013b000-0014a000 r-xp 00000000 fd:00 5384800    /lib/libresolv-2.3.5.so
0014a000-0014b000 r-xp 0000e000 fd:00 5384800    /lib/libresolv-2.3.5.so
0014b000-0014c000 rwxp 0000f000 fd:00 5384800    /lib/libresolv-2.3.5.so
0014c000-0014e000 rwxp 0014c000 00:00 0 
0014e000-0016b000 r-xp 00000000 fd:00 4210364    /usr/lib/libcups.so.2
0016b000-0016d000 rwxp 0001c000 fd:00 4210364    /usr/lib/libcups.so.2
0016d000-001a2000 r-xp 00000000 fd:00 5384804    /lib/libssl.so.0.9.7f
001a2000-001a5000 rwxp 00035000 fd:00 5384804    /lib/libssl.so.0.9.7f
001a5000-001b7000 r-xp 00000000 fd:00 5384805    /lib/libnsl-2.3.5.so
001b7000-001b8000 r-xp 00011000 fd:00 5384805    /lib/libnsl-2.3.5.so
001b8000-001b9000 rwxp 00012000 fd:00 5384805    /lib/libnsl-2.3.5.so
001b9000-001bb000 rwxp 001b9000 00:00 0 
001bb000-001c0000 r-xp 00000000 fd:00 5255984    /lib/libacl.so.1.1.0
001c0000-001c1000 rwxp 00004000 fd:00 5255984    /lib/libacl.so.1.1.0
001c1000-001d6000 r-xp 00000000 fd:00 4206045    /usr/lib/libsasl2.so.2.0.20
001d6000-001d7000 rwxp 00015000 fd:00 4206045    /usr/lib/libsasl2.so.2.0.20
001d7000-001e0000 r-xp 00000000 fd:00 5384809    /lib/libaudit.so.0.0.0
001e0000-001e4000 rwxp 00009000 fd:00 5384809    /lib/libaudit.so.0.0.0
001e4000-001e6000 r-xp 00000000 fd:00 11536721   /usr/lib/gconv/UTF-16.so
001e6000-001e8000 rwxp 00001000 fd:00 11536721   /usr/lib/gconv/UTF-16.so
001e8000-001ea000 r-xp 00000000 fd:00 11536624   /usr/lib/gconv/IBM850.so
001ea000-001ec000 rwxp 00001000 fd:00 11536624   /usr/lib/gconv/IBM850.so
001ec000-001f5000 r-xp 00000000 fd:00 5246842    /lib/libnss_files-2.3.5.so
001f5000-001f6000 r-xp 00008000 fd:00 5246842    /lib/libnss_files-2.3.5.so
001f6000-001f7000 rwxp 00009000 fd:00 5246842    /lib/libnss_files-2.3.5.so
001f7000-001fb000 r-xp 00000000 fd:00 5246839    /lib/libnss_dns-2.3.5.so
001fb000-001fc000 r-xp 00003000 fd:00 5246839    /lib/libnss_dns-2.3.5.so
001fc000-001fd000 rwxp 00004000 fd:00 5246839    /lib/libnss_dns-2.3.5.so
00276000-0054a000 r-xp 00000000 fd:00 5271583    /usr/sbin/smbd
0054a000-00561000 rwxp 002d3000 fd:00 5271583    /usr/sbin/smbd
00561000-00579000 rwxp 00561000 00:00 0 
00579000-00671000 r-xp 00000000 fd:00 5384803    /lib/libcrypto.so.0.9.7f
00671000-00683000 rwxp 000f8000 fd:00 5384803    /lib/libcrypto.so.0.9.7f
00683000-00686000 rwxp 00683000 00:00 0 
006ee000-006ef000 r-xp 006ee000 00:00 0 
007c5000-007c7000 r-xp 00000000 fd:00 5384797    /lib/libdl-2.3.5.so
007c7000-007c8000 r-xp 00001000 fd:00 5384797    /lib/libdl-2.3.5.so
007c8000-007c9000 rwxp 00002000 fd:00 5384797    /lib/libdl-2.3.5.so
007e1000-007e4000 r-xp 00000000 fd:00 5258455    /lib/libattr.so.1.1.0
007e4000-007e5000 rwxp 00002000 fd:00 5258455    /lib/libattr.so.1.1.0
008d4000-008ee000 r-xp 00000000 fd:00 5248476    /lib/ld-2.3.5.so
008ee000-008ef000 r-xp 00019000 fd:00 5248476    /lib/ld-2.3.5.so
008ef000-008f0000 rwxp 0001a000 fd:00 5248476    /lib/ld-2.3.5.so
00959000-00960000 r-xp 00000000 fd:00 4210366    /usr/lib/libpopt.so.0.0.0
00960000-00961000 rwxp 00006000 fd:00 4210366    /usr/lib/libpopt.so.0.0.0
009b3000-009c0000 r-xp 00000000 fd:00 4210367    /usr/lib/liblber-2.2.so.7.0.16
009c0000-009c1000 rwxp 0000c000 fd:00 4210367    /usr/lib/liblber-2.2.so.7.0.16
00a7a000-00a82000 r-xp 00000000 fd:00 5384810    /lib/libpam.so.0.79
00a82000-00a83000 rwxp 00007000 fd:00 5384810    /lib/libpam.so.0.79
00a83000-00ba7000 r-xp 00000000 fd:00 5383389    /lib/libc-2.3.5.so
00ba7000-00ba9000 r-xp 00124000 fd:00 5383389    /lib/libc-2.3.5.so
00ba9000-00bab000 rwxp 00126000 fd:00 5383389    /lib/libc-2.3.5.so
00bab000-00bad000 rwxp 00bab000 00:00 0 
00bf0000-00c5f000 r-xp 00000000 fd:00 4413502    /usr/lib/libkrb5.so.3.2
00c5f000-00c62000 rwxp 0006e000 fd:00 4413502    /usr/lib/libkrb5.so.3.2
00c99000-00ccd000 r-xp 00000000 fd:00 4204453    /usr/lib/libldap-2.2.so.7.0.16
00ccd000-00ccf000 rwxp 00033000 fd:00 4204453    /usr/lib/libldap-2.2.so.7.0.16
00d57000-00d60000 r-xp 00000000 fd:00 5384799    /lib/libgcc_s-4.0.0-20050520.so.1
00d60000-00d61000 rwxp 00009000 fd:00 5384799    /lib/libgcc_s-4.0.0-20050520.so.1
00db0000-00dc2000 r-xp 00000000 fd:00 4279132    /usr/lib/libz.so.1.2.2.2
00dc2000-00dc3000 rwxp 00011000 fd:00 4279132    /usr/lib/libz.so.1.2.2.2
00dd0000-00de6000 r-xp 00000000 fd:00 4413503    /usr/lib/libgssapi_krb5.so.2.2
00de6000-00de7000 rwxp 00016000 fd:00 4413503    /usr/lib/libgssapi_krb5.so.2.2
00ef2000-00ef7000 r-xp 00000000 fd:00 5384806    /lib/libcrypt-2.3.5.so
00ef7000-00ef8000 r-xp 00004000 fd:00 5384806    /lib/libcrypt-2.3.5.so
00ef8000-00ef9000 rwxp 00005000 fd:00 5384806    /lib/libcrypt-2.3.5.so
00ef9000-00f20000 rwxp 00ef9000 00:00 0 
09299000-0931c000 rw-p 09299000 00:00 0          [heap]
b7b00000-b7b21000 rw-p b7b00000 00:00 0 
b7b21000-b7c00000 ---p b7b21000 00:00 0 
b7c80000-b7c86000 rw-s 00000000 fd:00 13926023   /var/cache/samba/sessionid.tdb
b7c86000-b7cc8000 rw-p b7c86000 00:00 0 
b7cc8000-b7cd8000 r--s 00000000 fd:00 9462364    /usr/lib/samba/valid.dat
b7cd8000-b7cde000 r--s 00000000 fd:00 11536733   /usr/lib/gconv/gconv-modules.cache
b7cde000-b7cdf000 r--p 00c54000 fd:00 6293619    /usr/lib/locale/locale-archive
b7cdf000-b7d11000 r--p 00c0b000 fd:00 6293619    /usr/lib/locale/locale-archive
b7d11000-b7f11000 r--p 00000000 fd:00 6293619    /usr/lib/locale/locale-archive
b7f11000-b7f31000 r--s 00000000 fd:00 9462362    /usr/lib/samba/lowcase.dat
b7f31000-b7f51000 r--s 00000000 fd:00 9462363    /usr/lib/samba/upcase.dat
b7f51000-b7f57000 rw-p b7f51000 00:00 0 
b7f59000-b7f5b000 rw-s 00000000 fd:00 8420117    /etc/samba/secrets.tdb
b7f5b000-b7f5d000 rw-s 00000000 fd:00 13926020   /var/cache/samba/group_mapping.tdb
b7f5d000-b7f5f000 rw-s 00000000 fd:00 13926021   /var/cache/samba/account_policy.tdb
b7f5f000-b7f61000 rw-s 00000000 fd:00 13926024   /var/cache/samba/connections.tdb
b7f61000-b7f63000 rw-s 00000000 fd:00 13926031   /var/cache/samba/ntprinters.tdb
b7f63000-b7f65000 rw-s 00000000 fd:00 13926030   /var/cache/samba/ntdrivers.tdb
b7f65000-b7f67000 rw-s 00000000 fd:00 13926029   /var/cache/samba/registry.tdb
b7f69000-b7f6b000 rw-s 00000000 fd:00 13926027   /var/cache/samba/share_info.tdb
b7f6d000-b7f6e000 rw-s 00000000 fd:00 13926032   /var/cache/samba/ntforms.tdb
b7f6f000-b7f70000 rw-s 00000000 fd:00 13926017   /var/cache/samba/messages.tdb
bff4b000-bff70000 rw-p bff4b000 00:00 0          [stack]
(END)
Comment 1 Jeremy Allison 2005-07-09 14:33:02 UTC 
Can you please recompile smbd with the -g option so we can get a backtrace with
line numbers ? As it is we have very little information about the error here.
How did you reproduce it ?
Jeremy.
Comment 2 david rigler 2005-07-11 02:43:47 UTC 
(In reply to comment #1)
> Can you please recompile smbd with the -g option so we can get a backtrace with
> line numbers ? As it is we have very little information about the error here.
> How did you reproduce it ?
> Jeremy.

I'm afraid i havent got the source, this was a binary install for Fedora Core 4.
But there was an extra line i missed 

[root@linuxbox samba]# cat 192.168.1.250.log
[2005/07/11 10:18:23, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
  Username DATA-ACTION\Administrator is invalid on this system

This is reproducible on my system, the circumstances are

1> From Windows 2003 server + SP1, or Windows XP + SP2 workstation
2> Log on, any user. This user DOES NOT HAVE AN ACCOUNT on the linux machine
3> From the DOS prompt "net view \\linuxmachine"
Comment 3 Gerald (Jerry) Carter (dead mail address) 2005-07-15 15:33:49 UTC 
I think this was fixed by abartlet's getpwnam_alloc() fixes.
The patch is here:

    http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&rev=7372
Comment 4 Gerald (Jerry) Carter (dead mail address) 2005-08-24 10:26:25 UTC 
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.