Bug 6040 - Calling Samba print server with an aliased DNS-name fails
Status: RESOLVED FIXED
Product: Samba 3.2
Classification: Unclassified
Component: Printing
Version: unspecified
Hardware: Other Linux
Importance: P3 regression
Assigned To: Jeremy Allison
QA Contact: Samba QA Contact

Reported: 2009-01-15 12:06 UTC by Jeremy Allison
Modified: 2011-03-06 09:22 UTC

Attachments
Patch (643 bytes, patch)
2009-01-15 12:34 UTC, Jeremy Allison

Description Jeremy Allison 2009-01-15 12:06:00 UTC
This one is a blocker bug as it can give memory corruption in smbd.

Jeremy.
--------------------------------------------------------------

Developers,

I believe there is a bug in Samba 3.2.7. Please refer to:

        http://marc.info/?l=samba&m=123188218612431&w=2
        "Calling Samba print server with an aliased DNS-name fails"

I invested some time to investigate this problem.

Somewhere in the process a call to the function 'is_myname_or_ipaddr' from
lib/util_sock.c is made. Since I am calling the server by its DNS CNAME,
/* Handle possible CNAME records - convert to an IP addr. */ applies.

A call to 'print_sockaddr' is made, which calls print_sockaddr_len, which
calls sys_getnameinfo and finally a call to getnameinfo is made.

The getnameinfo system call fails with error 11, which is a system error.
The reason why this call fails is that the buffer which is being used to
store the IP-address of the CNAME is too small.

Tracing back to the place where the buffer size is determined, we see that
this is done in lib/util_sock.c, line 2066 and further:

        print_sockaddr(name,
                sizeof(name),
                &ss);

Since I am compiling 64-bit and 'name' is a char*, the buffer size is
always 8. I believe this is wrong, since an IP-address string will not
(most of the time) fit in 8 bytes.

To test this, I replaced 'sizeof' by 'strlen'. This resolves my problem: I
can connect to the server by its CNAME and I can connect to shared
printers.

However, I think 'strlen' is inappropriate too. A CNAME 'a.b.nl' is only 6
bytes in length, so an IP-address will still not fit.

Browsing through the code, I found more places where 'sizeof' is being used.
I did not investigate this, but I imagine this could be wrong too.

Please confirm this indeed is a bug. And please CC me in replies, since I
am not a member of the samba-technical list.

Best regards,
Remy Zandwijk
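
Added example (not Samba's code and not the attached patch): a minimal C reproduction of the sizeof-on-a-pointer length bug described above, next to a variant that passes the real buffer capacity. The function names and the 192.0.2.123 sample address are constructed for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* getnameinfo(), inet_pton() */
#endif
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>

/* Fill an IPv4 sockaddr_storage from a dotted-quad string. */
static int make_ss(const char *ip, struct sockaddr_storage *ss)
{
    struct sockaddr_in *sin = (struct sockaddr_in *)ss;
    memset(ss, 0, sizeof(*ss));
    sin->sin_family = AF_INET;
    return inet_pton(AF_INET, ip, &sin->sin_addr) == 1 ? 0 : -1;
}

/* Before: 'name' is a char *, so sizeof(name) is the pointer size
 * (8 on a 64-bit build), not the size of the caller's buffer. */
int addr_to_string_buggy(const char *ip, char *name)
{
    struct sockaddr_storage ss;
    if (make_ss(ip, &ss) != 0)
        return EAI_FAIL;
    return getnameinfo((struct sockaddr *)&ss, sizeof(struct sockaddr_in),
                       name, sizeof(name), NULL, 0, NI_NUMERICHOST);
}

/* After: the caller passes the real capacity alongside the pointer. */
int addr_to_string_fixed(const char *ip, char *name, size_t name_len)
{
    struct sockaddr_storage ss;
    if (make_ss(ip, &ss) != 0)
        return EAI_FAIL;
    return getnameinfo((struct sockaddr *)&ss, sizeof(struct sockaddr_in),
                       name, (socklen_t)name_len, NULL, 0, NI_NUMERICHOST);
}

int main(void)
{
    char buf[INET6_ADDRSTRLEN] = "";   /* large enough for any numeric address */
    int rc = addr_to_string_buggy("192.0.2.123", buf);   /* constructed address */
    printf("sizeof(char *) length: rc=%d (%s)\n", rc, rc ? gai_strerror(rc) : buf);
    rc = addr_to_string_fixed("192.0.2.123", buf, sizeof(buf));
    printf("real buffer length:    rc=%d (%s)\n", rc, rc ? gai_strerror(rc) : buf);
    return 0;
}
```

The non-zero code returned by the first call depends on the libc. On a 64-bit build an address such as 1.2.3.4 still fits in 8 bytes, so the failure only appears for longer addresses.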
Comment 1 Jeremy Allison 2009-01-15 12:34:30 UTC
Created attachment 3879
Patch

Should fix the potential crash bug.
Jeremy.
Comment 2 Volker Lendecke 2011-03-06 09:22:46 UTC
An equivalent patch is upstream.