Bug 6498 - The Service Host process may stop unexpectedly in Windows Server 2003
Summary: The Service Host process may stop unexpectedly in Windows Server 2003
Alias: None
Product: Samba 3.4
Classification: Unclassified
Component: Domain Control (show other bugs)
Version: unspecified
Hardware: Other Linux
: P3 normal
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
Depends on:
Reported: 2009-06-23 03:35 UTC by Björn Jacke
Modified: 2009-06-27 03:36 UTC (History)
0 users

See Also:
bjacke: review+

fix for that (679 bytes, patch)
2009-06-23 03:37 UTC, Björn Jacke
no flags Details
the workaround for 3.0.26 (and maybe later 3.0 releases) (828 bytes, patch)
2009-06-23 03:41 UTC, Björn Jacke
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Björn Jacke 2009-06-23 03:35:18 UTC
$SUMMARY is the exact title of Microsoft's KB932762:

The Service Host process (Svchost.exe) that hosts the Computer Browser service and the Server service stops unexpectedly in Microsoft Windows Server 2003. Additionally, if you try to restart the Server service that is hosted by the Service Host, you receive the following error message:

Could not start the Server service on Local Computer.
Error 5: Access is denied.

When this problem occurs, the following services also stop:

    * Application Experience Lookup Service (AeLookupSvc)
    * Automatic Updates (Wuauserv)
    * Background Intelligent Transfer Service (BITS)
    * COM+ Event System (EventSystem)
    * Computer Browser (Browser)
    * Cryptographic Services (CryptSvc)
    * Distributed Link Tracking Client (TrkWks)
    * Help and Support (Helpsvc)
    * Logical Disk Manager (Dmserver)
    * Network Connections (Netman)
    * Network Location Awareness (Nla)
    * Remote Access Connection Manager (RasMan)
    * Secondary Logon (Seclogon)
    * Server (Lanmanserver)
    * Shell Hardware Detection (ShellHWDetection)
    * System Event Notification (SENS)
    * Task Scheduler (Schedule)
    * Windows Audio (AudioSrv)
    * Windows Firewall/Internet Connection Sharing (SharedAccess)
    * Windows Management Instrumentation (Winmgmt)
    * Wireless Configuration (WZCSVC)
    * Workstation (Lanmanworkstation) 

The problem is most likely to occur if some third-party server becomes the master browser. When a Windows-based server is the master browser, it does not let any host that is advertising its share to use a server comment that is larger than 48 bytes. When a third-party server message block (SMB) server becomes the master browser, it lets a host use a server comment that is larger than 48 bytes. In this case, when a Windows Server receives and tries to process the browser list, the Server service crashes. This behavior occurs because there is an overflow that eventually leads to a heap corruption.

"third-party server" is obviously Samba, unfortunately this was back in the days when Microsoft didn't file bugs at bugzilla.samba.org.

Attached is a workaround patch for the problem, applying to 3.2, 3.3, 3.4 and master. As we really don't want any Windows machine to crash this should go into all these branches.
Comment 1 Björn Jacke 2009-06-23 03:37:46 UTC
Created attachment 4342 [details]
fix for that
Comment 2 Björn Jacke 2009-06-23 03:41:47 UTC
Created attachment 4343 [details]
the workaround for 3.0.26 (and maybe later 3.0 releases)
Comment 3 Volker Lendecke 2009-06-27 02:24:36 UTC
As this patch is from me, I think our procedural rules are fulfilled to get this into the release branches. Björn as another developer tested this positively :-)

Comment 4 Karolin Seeger 2009-06-27 03:36:42 UTC
Pushed to master, v3-0-test, v3-2-test, v3-3-test and v3-4-test.
Closing out bug report.