Bug 4193 - smbclient memory corruption and crash when using "mput [filename with multibyte character]"
Status: RESOLVED WONTFIX
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: smbclient
Version: 3.0.23c
Hardware: x86 Linux
Importance: P3 critical
Target Milestone: none
Assignee: Jennifer Sutton
QA Contact: Samba QA Contact
Reported: 2006-10-28 04:52 UTC by Tomasz Ostrowski (dead mail address)
Modified: 2021-03-21 20:44 UTC

Description Tomasz Ostrowski (dead mail address) 2006-10-28 04:52:05 UTC
When using "mput" in smbclient from samba-3.0.23c on a directory containing files with multibyte characters in their names under a UTF-8 locale, I've experienced that smbclient sometimes crashes.

Valgrind detects that it is a memory corruption issue; it can be reproduced this way:

$ echo $LANG
en_US.UTF-8
$ mkdir /tmp/test
$ cd /tmp/test
$ touch '®' # registered sign
$ valgrind smbclient '//server/share' 'password' \
  -U 'username' -W 'workgroup' -c 'prompt; mput ®'

This detects the following error:
==13333== Invalid write of size 1
==13333==    at 0xB10F9: pull_ucs2 (charcnv.c:1201)
==13333==    by 0xBF9B4: string_replace (util_str.c:392)
==13333==    by 0x23C5C: cmd_mput (client.c:1525)
==13333==    by 0x27C21: process_command_string (client.c:2934)
==13333==    by 0x28A9E: process (client.c:3253)
==13333==    by 0x29B8B: main (client.c:3622)
==13333==  Address 0x4C8CB1C is 0 bytes after a block of size 4 alloc'd
==13333==    at 0x48051F9: malloc (vg_replace_malloc.c:149)
==13333==    by 0x4BF6563E: vasprintf (in /lib/libc-2.4.so)
==13333==    by 0x4BF4D19D: asprintf (in /lib/libc-2.4.so)
==13333==    by 0x23C3A: cmd_mput (client.c:1522)
==13333==    by 0x27C21: process_command_string (client.c:2934)
==13333==    by 0x28A9E: process (client.c:3253)
==13333==    by 0x29B8B: main (client.c:3622)

I have compiled vanilla samba-3.0.23c with debugging symbols and no optimizations using "cd source; ./configure; make CFLAGS='-O0 -g'" to eliminate distribution-introduced bugs and to get meaningful output from valgrind.
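
Added example (not part of the original report and not Samba code): a small Python parser for Memcheck reports like the one above. It classifies the error from the "Address ... is N bytes after a block" line and finds the innermost function that appears on both the faulting stack and the allocating stack. The names parse_memcheck and triage are hypothetical, and the sample input is the trace from this report with the outer frames trimmed.

```python
import re

# Constructed input: the Memcheck report from this bug, outer frames trimmed.
SAMPLE = """\
==13333== Invalid write of size 1
==13333==    at 0xB10F9: pull_ucs2 (charcnv.c:1201)
==13333==    by 0xBF9B4: string_replace (util_str.c:392)
==13333==    by 0x23C5C: cmd_mput (client.c:1525)
==13333==  Address 0x4C8CB1C is 0 bytes after a block of size 4 alloc'd
==13333==    at 0x48051F9: malloc (vg_replace_malloc.c:149)
==13333==    by 0x4BF6563E: vasprintf (in /lib/libc-2.4.so)
==13333==    by 0x4BF4D19D: asprintf (in /lib/libc-2.4.so)
==13333==    by 0x23C3A: cmd_mput (client.c:1522)
"""

PREFIX = re.compile(r"^==\d+== ?")
ERROR = re.compile(r"Invalid (read|write) of size (\d+)")
FRAME = re.compile(r"\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \((.+)\)")
BLOCK = re.compile(r"\s*Address 0x[0-9A-Fa-f]+ is (\d+) bytes (after|before|inside) "
                   r"a block of size (\d+) (alloc'd|free'd)")

def parse_memcheck(text):
    """Return one dict per 'Invalid read/write' error in a Memcheck log."""
    errors, cur, stack = [], None, None
    for raw in text.splitlines():
        line = PREFIX.sub("", raw)
        if m := ERROR.match(line):
            cur = {"access": m[1], "size": int(m[2]), "fault": [], "block": None, "origin": []}
            errors.append(cur)
            stack = cur["fault"]          # frames that follow belong to the bad access
        elif cur and (m := BLOCK.match(line)):
            cur["block"] = {"offset": int(m[1]), "where": m[2], "size": int(m[3]), "state": m[4]}
            stack = cur["origin"]         # frames that follow belong to the alloc/free site
        elif cur and (m := FRAME.match(line)):
            stack.append((m[1], m[2]))
        elif not line.strip():
            cur = None                    # a blank line ends the current error record
    return errors

def triage(err):
    """Return (kind, shared): error class and innermost function on both stacks."""
    b = err["block"]
    if b is None:
        kind = "unknown"
    elif b["state"] == "free'd":
        kind = "use-after-free"
    else:
        kind = {"after": "heap-overflow", "before": "heap-underflow"}.get(b["where"], "invalid-heap-access")
    origin = dict(err["origin"])
    shared = next(((fn, loc, origin[fn]) for fn, loc in err["fault"] if fn in origin), None)
    return kind, shared
```

For this trace, triage reports a heap overflow and points at cmd_mput, which allocates the 4-byte block at client.c:1522 and reaches the out-of-bounds write from client.c:1525.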
Comment 1 Tomasz Ostrowski (dead mail address) 2021-03-21 20:44:21 UTC
The affected version was discontinued (EOL) a long time ago (https://wiki.samba.org/index.php/Samba_Release_Planning).