Bug 6138 - Panic (segfault) in dcesrv_netr_DsRGetDCNameEx2()
Panic (segfault) in dcesrv_netr_DsRGetDCNameEx2()
Product: Samba 4.0
Classification: Unclassified
Component: Other
Other Linux
: P3 major
: ---
Assigned To: Andrew Bartlett
Andrew Bartlett
Depends on:
  Show dependency treegraph
Reported: 2009-02-24 23:57 UTC by Andrew Kroeger
Modified: 2009-06-07 21:43 UTC (History)
0 users

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Andrew Kroeger 2009-02-24 23:57:27 UTC
Line 1223 of rpc_server/netlogon/dcerpc_netlogon.c has a reproducible case where NULL (via r->in.domain_name) is passed to strcasecmp() and causes a segfault.

Steps to reproduce (done w/ WinXP SP2 client):
1) Open ADUC
2) Right-click on domain (e.g. "smb4.internal.id10ts.net") in left pane
3) Choose "Find..."
4) samba segfaults
Comment 1 Matthias Dieter Wallnöfer 2009-03-04 03:14:51 UTC
That should indeed be fixed.
We have now another condition in front of the "strcasecmp".

if (r->in.domain_name != NULL || strcasecmp(r->in.domain_name ...) == 0) ...
Comment 2 Andrew Kroeger 2009-03-04 04:37:49 UTC
The "fix" you reference was initially made to the v4-0-test branch, as a quick fix before alpha7.  I don't think it was even meant to get into the master branch.  Per the commit message (from 76a0050e):

"This fix just for the release.  A better fix will make it into the master branch soon."

Reopening until an appropriate fix can be implemented and tested, or until the fix from v4-0-test is declared as all that is necessary.
Comment 3 Andrew Bartlett 2009-03-04 04:48:08 UTC
correct.  This call needs much more work, despite the fix for some reason being merged into master.
Comment 4 Andrew Bartlett 2009-06-07 21:43:13 UTC
The recent work to remove 'we could possibly have more than one domain' also fixed this issue properly