Bug 4273 - segfault in display_sam_entry
Status: RESOLVED FIXED
Product: Samba 3.0
Classification: Unclassified
Component: net utility
Version: 3.0.23d
Hardware: Other Linux
Importance: P3 normal
Target Milestone: none
Assigned To: Jim McDonough
QA Contact: Samba QA Contact
Depends on:
Blocks:
Reported: 2006-12-01 05:31 UTC by Pascal Terjan
Modified: 2006-12-02 03:17 UTC

Description Pascal Terjan 2006-12-01 05:31:02 UTC
net rpc samdump segfaults here

The log just before is:

[2006/11/22 13:16:38, 1] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(625)
  cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from remote machine cs3 pipe \NETLOGON fnum 0x77d5!
[2006/11/22 13:16:38, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843)
  rpc_api_pipe: got PDU len of 32 at offset 0

The segfault occurs because of the following code in dump_database:

=====
                result = rpccli_netlogon_sam_sync(pipe_hnd, mem_ctx, db_type,
                                               sync_context,
                                               &num_deltas, &hdr_deltas, &deltas);
 
                if (NT_STATUS_IS_ERR(result))
                        break;

                for (i = 0; i < num_deltas; i++) {
=====

There is an error: num_deltas has an aberrant value, but NT_STATUS_IS_ERR is false.

Replacing NT_STATUS_IS_ERR with !NT_STATUS_IS_OK avoids the crash.
Comment 1 Pascal Terjan 2006-12-01 10:18:50 UTC
I added some debug, the error code is 0x1c010002 which NT_STATUS_IS_ERR does not handle.

BTW, with net rpc vampire I get the same error but it is correctly handled:

[2006/11/22 15:53:20, 1] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(625)
  cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from remote machine cs3 pipe \NETLOGON fnum 0x75ad!
[2006/11/22 15:53:20, 10] rpc_client/cli_pipe.c:rpc_api_pipe(843)
  rpc_api_pipe: got PDU len of 32 at offset 0
Failed to fetch domain database: NT code 0x1c010002
[2006/11/22 15:53:20, 1] utils/net_rpc.c:run_rpc_command(170)
  rpc command function failed! (NT code 0x1c010002)
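As an added illustration (not code from the report, from Samba, or from either commenter), the following C program shows why the two checks disagree on the status value seen here. NT_STATUS_IS_ERR looks only at the severity bits (bits 30 and 31) of the 32-bit status, while !NT_STATUS_IS_OK treats anything other than zero as a failure; the DCERPC fault 0x1c010002 has severity "success", so the first guard lets the loop run over a delta count the RPC layer never filled in. The NTSTATUS wrapper, the macro definitions (reproduced from memory of Samba's nt_status.h) and fake_sam_sync() are assumptions made for this example; STATUS_ACCESS_DENIED (0xc0000022) is included only as a contrasting genuine error code.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Minimal stand-in for Samba's NTSTATUS wrapper (assumption: Samba wraps the
 * 32-bit value in a struct; only the macros below matter here). */
typedef struct { uint32_t v; } NTSTATUS;
#define NT_STATUS(x)    ((NTSTATUS){ .v = (x) })
#define NT_STATUS_V(x)  ((x).v)
/* Reproduced from Samba's nt_status.h as recalled (assumption):
 * IS_OK means "exactly zero", IS_ERR means "both severity bits set". */
#define NT_STATUS_IS_OK(x)  (NT_STATUS_V(x) == 0)
#define NT_STATUS_IS_ERR(x) ((NT_STATUS_V(x) & 0xc0000000) == 0xc0000000)

/* Values used below: the DCERPC fault from the report, and a genuine
 * NTSTATUS error (STATUS_ACCESS_DENIED) for contrast. */
#define FAULT_OP_RNG_ERROR   0x1c010002u
#define STATUS_ACCESS_DENIED 0xc0000022u

/* Bits 30-31 of an NTSTATUS carry its severity. */
static const char *nt_severity(uint32_t v)
{
    switch (v >> 30) {
    case 0:  return "success";
    case 1:  return "informational";
    case 2:  return "warning";
    default: return "error";
    }
}

/* Does the guard at the top of the loop bail out for this status?
 * use_is_err selects the original NT_STATUS_IS_ERR check; otherwise the
 * replacement !NT_STATUS_IS_OK check is used. */
static bool guard_bails(uint32_t status_value, bool use_is_err)
{
    NTSTATUS s = NT_STATUS(status_value);
    return use_is_err ? NT_STATUS_IS_ERR(s) : !NT_STATUS_IS_OK(s);
}

/* Constructed stand-in for rpccli_netlogon_sam_sync(): on an RPC fault it
 * hands back the fault code as the status and never writes num_deltas,
 * which is how the caller ends up with an aberrant count. */
static NTSTATUS fake_sam_sync(bool fault, uint32_t *num_deltas)
{
    if (fault)
        return NT_STATUS(FAULT_OP_RNG_ERROR);   /* *num_deltas left untouched */
    *num_deltas = 3;
    return NT_STATUS(0);
}

/* Models the dump_database loop. Returns how many deltas the loop would
 * try to display, or -1 if the guard stopped it. With the original guard
 * and a fault, the garbage count comes back: that is the iteration that
 * walks past the end of the (never filled) delta array in the report. */
static long simulate_dump(bool fault, bool use_is_err)
{
    uint32_t num_deltas = 0x12345678u;  /* constructed garbage, like an uninitialised slot */
    NTSTATUS result = fake_sam_sync(fault, &num_deltas);

    if (guard_bails(NT_STATUS_V(result), use_is_err))
        return -1;

    /* The real code would now index deltas[0 .. num_deltas-1]. */
    return (long)num_deltas;
}

int main(void)
{
    const uint32_t samples[] = { 0, FAULT_OP_RNG_ERROR, STATUS_ACCESS_DENIED };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t v = samples[i];
        printf("0x%08x severity=%-13s IS_ERR=%d !IS_OK=%d\n", v, nt_severity(v),
               guard_bails(v, true), guard_bails(v, false));
    }
    printf("fault, IS_ERR guard -> %ld deltas iterated\n", simulate_dump(true, true));
    printf("fault, !IS_OK guard -> %ld (bailed out)\n", simulate_dump(true, false));
    return 0;
}
```

The table printed by main() makes the point directly: 0x1c010002 is neither OK nor ERR under the severity-bit definition, so only a "not OK" guard refuses to trust the output parameters of a call that did not succeed. The general lesson for callers of any status-returning RPC wrapper is the same: treat out-parameters as valid only on an exact success status, not merely on the absence of an error-severity status.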
Comment 2 Volker Lendecke 2006-12-02 03:17:45 UTC
Fixed with r20001, thanks!

Volker