Bug 4408 - wbinfo -K NULL pointer dereference
wbinfo -K NULL pointer dereference
Status: RESOLVED FIXED
Product: Samba 3.0
Classification: Unclassified
Component: winbind
3.0.25a
Other All
: P3 normal
: none
Assigned To: Guenther Deschner
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2007-02-23 01:38 UTC by SATOH Fumiyasu
Modified: 2007-06-21 09:33 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description SATOH Fumiyasu 2007-02-23 01:38:17 UTC
I'm using Samba 3.0.23d on Solaris 10.

  # wbinfo -K user%pass
  ...
  Segmentation Fault (core dumped)
  # pstack core
  core 'core' of 5283:    /usr/bin/wbinfo -K user%pass
   fec84c7c strlen   (80dd761, 80464cc, 8046410, 0) + c
   fecdd3cb vsnprintf (0, 0, 80dd714, 80464cc) + 73
   08092cd6 vasprintf (804648c, 80dd714, 80464cc) + 26
   08092e3b d_vfprintf (811a948, 80dd714, 80464cc) + 4b
   08092ffd d_printf (80dd714, 8047918, 810d008, 0) + 3d
   080641d9 wbinfo_auth_krb5 (8047918, 0, 7002) + 179
   08065932 main     (3, 8047dfc, 8047e0c) + 702
   08062a6a _start   (3, 8047eb8, 8047ed0, 8047ed3, 0, 8047ee2) + 7a

You can see the follwing code in nsswitch/wbinfo.c:
  const char *cctypes[] = { "FILE", 
                              "KCM", 
                              "KCM:0", 
                              "Garbage", 
                              NULL,
                              "0"};
    ...snipped...
  for (i=0; i < ARRAY_SIZE(cctypes); i++) {
    ...snipped...
    d_fprintf(stderr, "Could not authenticate user [%s] with "
                       "Kerberos (ccache: %s)\n", tok, cctypes[i]);
                                                            ^^^^^^^^^^^
                          *** Segfault happened here because cctypes[4] is NULL.***
    ...snipped...
  }

Is the following patch correct?

Index: SAMBA_3_0/source/nsswitch/wbinfo.c
===================================================================
--- SAMBA_3_0/source/nsswitch/wbinfo.c	(revision 21239)
+++ SAMBA_3_0/source/nsswitch/wbinfo.c	(working copy)
@@ -1453,7 +1453,6 @@ int main(int argc, char **argv, char **e
 							  "KCM", 
 							  "KCM:0", 
 							  "Garbage", 
-							  NULL, 
 							  "0"};
 
 				arg[0] = string_arg;
Comment 1 Guenther Deschner 2007-06-21 09:33:24 UTC
Problem should be solved with -r23568.

Thanks for the report.