Bug 6040 - Calling Samba print server with an aliased DNS-name fails
Alias: None
Product: Samba 3.2
Classification: Unclassified
Component: Printing
Version: unspecified
Hardware: Other Linux
: P3 regression
Target Milestone: ---
Assignee: Jeremy Allison
QA Contact: Samba QA Contact
Depends on:
Reported: 2009-01-15 12:06 UTC by Jeremy Allison
Modified: 2011-03-06 09:22 UTC

See Also:

Patch (643 bytes, patch)
2009-01-15 12:34 UTC, Jeremy Allison

Description Jeremy Allison 2009-01-15 12:06:00 UTC
This one is a blocker bug as it can give memory corruption in smbd.



I believe there is a bug in Samba 3.2.7. Please refer to:

        "Calling Samba print server with an aliased DNS-name fails"

I invested some time to investigate this problem.

Somewhere in the process a call to the function 'is_myname_or_ipaddr' from
lib/util_sock.c is made. Since I am calling the server by its DNS CNAME,
/* Handle possible CNAME records - convert to an IP addr. */ applies.

A call to 'print_sockaddr' is made, which calls print_sockaddr_len, which
calls sys_getnameinfo and finally a call to getnameinfo is made.

The getnameinfo system call fails with error 11, which is a system error.
The reason why this call fails is that the buffer which is being used to
store the IP-address of the CNAME is too small.

Tracing back to the place where the buffer size is determined, we see that
this is done in lib/util_sock.c, line 2066 and further:


Since I am compiling 64-bit and 'name' is a char*, the buffer size is
always 8. I believe this is wrong, since an IP-address string will not
(most of the time) fit in 8 bytes.

To test this, I replaced 'sizeof' by 'strlen'. This resolves my problem: I
can connect to the server by its CNAME and I can connect to shared

However, I think 'strlen' is inappropriate too. A CNAME 'a.b.nl' is only 6
bytes in length, so an IP-address will still not fit.

Browsing through the code, I found more places where 'sizeof' is being used.
I did not investigate this, but I imagine this could be wrong too.

Please confirm this indeed is a bug. And please CC me in replies, since I
am not a member of the samba-technical list.

Best regards,
Remy Zandwijk
Comment 1 Jeremy Allison 2009-01-15 12:34:30 UTC
Created attachment 3879

Should fix the potential crash bug.
Comment 2 Volker Lendecke 2011-03-06 09:22:46 UTC
An equivalent patch is upstream.