Bug 403 - dfsenum causes smbd to segfault
Summary: dfsenum causes smbd to segfault
Status: CLOSED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: File Services (show other bugs)
Version: 3.0.0preX
Hardware: All Linux
: P3 normal
Target Milestone: 3.0.0rc3
Assignee: Tim Potter
QA Contact:
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2003-09-04 08:41 UTC by Guenther Deschner
Modified: 2005-11-14 09:26 UTC (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Guenther Deschner 2003-09-04 08:41:53 UTC 
samba 3.0 cvs (08-02-2003), suse 8.2


querying dfs-info via rpcclient causes smbd to panic.

this does not happen with dfs-info via security-tab from a windows-client (win2k)


this is the result of a simple dfsenum-call:

    rpcclient localhost -k -c dfsenum



[2003/09/04 17:02:01, 0] lib/util.c:smb_panic(1462)
  PANIC: internal error
[2003/09/04 17:02:01, 0] lib/util.c:smb_panic(1469)
  BACKTRACE: 27 stack frames:
   #0 /usr/sbin/smbd(smb_panic+0x1ab) [0x81bc992]
   #1 /usr/sbin/smbd [0x81ab7d9]
   #2 /usr/sbin/smbd [0x81ab83a]
   #3 /lib/libc.so.6 [0x4029d5c8]
   #4 /usr/sbin/smbd(alloc_sub_basic+0x22) [0x81c2ee9]
   #5 /usr/sbin/smbd(strftime+0x1bc2) [0x8077b66]
   #6 /usr/sbin/smbd(lp_servicename+0x3a) [0x8078964]
   #7 /usr/sbin/smbd(enum_msdfs_links+0x50) [0x80d998b]
   #8 /usr/sbin/smbd(_dfs_enum+0x22) [0x810e9a1]
   #9 /usr/sbin/smbd [0x810d945]
   #10 /usr/sbin/smbd(api_rpcTNP+0x232) [0x8147165]
   #11 /usr/sbin/smbd(api_pipe_request+0xe5) [0x8146ea4]
   #12 /usr/sbin/smbd [0x8140c04]
   #13 /usr/sbin/smbd [0x8140e21]
   #14 /usr/sbin/smbd [0x81410d5]
   #15 /usr/sbin/smbd [0x81412df]
   #16 /usr/sbin/smbd(write_to_pipe+0x109) [0x814124e]
   #17 /usr/sbin/smbd [0x808a330]
   #18 /usr/sbin/smbd [0x808a5b2]
   #19 /usr/sbin/smbd(reply_trans+0xb56) [0x808b17d]
   #20 /usr/sbin/smbd [0x80ccc46]
   #21 /usr/sbin/smbd [0x80cccf6]
   #22 /usr/sbin/smbd(process_smb+0x1fb) [0x80cd04b]
   #23 /usr/sbin/smbd(smbd_process+0x1e0) [0x80cdbe7]
   #24 /usr/sbin/smbd(main+0x81e) [0x8223965]
   #25 /lib/libc.so.6(__libc_start_main+0xce) [0x402898ae]
   #26 /usr/sbin/smbd(ldap_msgfree+0x7d) [0x8076f91]
Comment 1 Tim Potter 2003-09-04 17:54:56 UTC 
Hi Guenther.  Did you have DFS enabled on the Samba server?  I've fixed a crash
bug to do with dfsenum but the stack trace is different from what you have
posted above.
Comment 2 Guenther Deschner 2003-09-05 02:09:52 UTC 
hello tim,

yes, dfs is enabled on this host (and actually works). 
as i said, i do see all information in the security-tab from win2k but not via
rpcclient. with your fix the stack-backtrace still looks the same.
Comment 3 Tim Potter 2003-09-05 04:55:08 UTC 
Looks like I fixed a different bug then.  (-:
Comment 4 Tim Potter 2003-09-07 17:55:39 UTC 
I corrected some dodgy looking code which has fixed the problem.
Comment 5 Gerald (Jerry) Carter (dead mail address) 2005-02-07 09:04:41 UTC 
originally reported against one of the 3.0.0rc[1-4] releases.
Cleaning up non-production versions.
Comment 6 Gerald (Jerry) Carter (dead mail address) 2005-08-24 10:16:42 UTC 
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.
Comment 7 Gerald (Jerry) Carter (dead mail address) 2005-11-14 09:26:08 UTC 
database cleanup