The Samba-Bugzilla – Bug 6040
Calling Samba print server with an aliased DNS-name fails
Last modified: 2011-03-06 09:22:46 UTC
This one is a blocker bug as it can give memory corruption in smbd.
I believe there is a bug in Samba 3.2.7. Please refer to:
"Calling Samba print server with an aliased DNS-name fails"
I invested some time to investigate this problem.
Somewhere in the process a call to the function 'is_myname_or_ipaddr' from
lib/util_sock.c is made. Since I am calling the server by it's DNS CNAME,
/* Handle possible CNAME records - convert to an IP addr. */ applies.
A call to 'print_sockaddr' is made, which calls print_sockaddr_len, which
calls sys_getnameinfo and finaly a call to getnameinfo is made.
The getnameinfo system call fails with error 11, which is a system error.
The reason why this call fails is that the buffer which is being used to
store the IP-address of the CNAME is too small.
Tracing back to the place were the buffer size is determined, we see that
this is done in lib/util_sock.c, line 2066 and further:
Since I am compiling 64-bit and 'name' is a char*, the buffer size is
always 8. I believe this is wrong, since an IP-address string will not
(most of the time) fit in 8 bytes.
To test this, I replace 'sizeof' by 'strlen'. This resolves my problem: I
can connect to the server by it's CNAME and I can connect to shared
However, I think 'strlen' is inappropriate too. A CNAME 'a.b.nl' is only 6
bytes in length, so an IP-address will still not fit.
Browsing through the code, I found more places were 'sizeof' is being used.
I did not investigate this, but I imagine this could be wrong too.
Please confirm this indeed is a bug. And please CC me in replies, since I
am not member of the samba-technical list.
Created attachment 3879 [details]
Should fix the potential crash bug.
An equivalent patch is upstream.