The Samba-Bugzilla – Bug 6138
Panic (segfault) in dcesrv_netr_DsRGetDCNameEx2()
Last modified: 2009-06-07 21:43:13 UTC
Line 1223 of rpc_server/netlogon/dcerpc_netlogon.c has a reproducible case where NULL (via r->in.domain_name) is passed to strcasecmp() and causes a segfault.
Steps to reproduce (done w/ WinXP SP2 client):
1) Open ADUC
2) Right-click on domain (e.g. "smb4.internal.id10ts.net") in left pane
3) Choose "Find..."
4) samba segfaults
That should indeed be fixed.
We have now another condition in front of the "strcasecmp".
if (r->in.domain_name != NULL || strcasecmp(r->in.domain_name ...) == 0) ...
The "fix" you reference was initially made to the v4-0-test branch, as a quick fix before alpha7. I don't think it was even meant to get into the master branch. Per the commit message (from 76a0050e):
"This fix just for the release. A better fix will make it into the master branch soon."
Reopening until an appropriate fix can be implemented and tested, or until the fix from v4-0-test is declared as all that is necessary.
correct. This call needs much more work, despite the fix for some reason being merged into master.
The recent work to remove 'we could possibly have more than one domain' also fixed this issue properly