Bug 6707 - 3.4.1 segfault in parsing configs.
3.4.1 segfault in parsing configs.
Status: RESOLVED FIXED
Product: Samba 3.4
Classification: Unclassified
Component: File services
3.4.1
Other Linux
: P3 normal
: ---
Assigned To: Karolin Seeger
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2009-09-10 11:50 UTC by Jeremy Allison
Modified: 2009-10-08 05:46 UTC (History)
0 users

See Also:
vl: review+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Jeremy Allison 2009-09-10 11:50:52 UTC
Hi.

The attached, supplied as plain text and gzipped, fixes an occasional 
segfault caused by an out-of-bounds reference in config file parsing.

This likely applies to other versions as well, modulo fuzz.

Marc.

+----------------------------------+----------------------------------+
|  Marc Aurele La France           |  work:   1-780-492-9310          |
|  Academic Information and        |  fax:    1-780-492-1729          |
|    Communications Technologies   |  email:  tsi at ualberta.ca         |
|  352 General Services Building   +----------------------------------+
|  University of Alberta           |                                  |
|  Edmonton, Alberta               |    Standard disclaimers apply    |
|  T6G 2H1                         |                                  |
|  CANADA                          |                                  |
+----------------------------------+----------------------------------+
XFree86 developer and VP.  ATI driver and X server internals.
-------------- next part --------------
diff -adNpru samba-3.4.1/source3/lib/interfaces.c devel-3.4.1/source3/lib/interfaces.c
--- samba-3.4.1/source3/lib/interfaces.c	2009-09-09 06:40:43.000000000 -0600
+++ devel-3.4.1/source3/lib/interfaces.c	2009-09-10 07:56:43.000000000 -0600
@@ -156,10 +156,6 @@ static int _get_interfaces(TALLOC_CTX *m
 	/* Loop through interfaces, looking for given IP address */
 	for (ifptr = iflist; ifptr != NULL; ifptr = ifptr->ifa_next) {
 
-		memset(&ifaces[total], '\0', sizeof(ifaces[total]));
-
-		copy_size = sizeof(struct sockaddr_in);
-
 		if (!ifptr->ifa_addr || !ifptr->ifa_netmask) {
 			continue;
 		}
@@ -169,6 +165,10 @@ static int _get_interfaces(TALLOC_CTX *m
 			continue;
 		}
 
+		memset(&ifaces[total], '\0', sizeof(ifaces[total]));
+
+		copy_size = sizeof(struct sockaddr_in);
+
 		ifaces[total].flags = ifptr->ifa_flags;
 
 #if defined(HAVE_IPV6)
-------------- next part --------------
Comment 1 Jeremy Allison 2009-09-10 11:54:34 UTC
Looks likely to me. Volker please review and re-assign to Karolin for inclusion in 3.4.2 (and 3.3.x).
Cheers,
Jeremy
Comment 2 Volker Lendecke 2009-09-12 12:13:24 UTC
Karolin, this is 7c00227f00a83345 in master. Please pull for 3.4.2.

Thanks,

Volker
Comment 3 Karolin Seeger 2009-09-15 02:26:48 UTC
Pushed, will be included in 3.4.2.
Closing out bug report.

Thanks!