Bug 6986 - Segfault in auth_ntlmssp_end
Summary: Segfault in auth_ntlmssp_end
Status: RESOLVED INVALID
Alias: None
Product: Samba 3.4
Classification: Unclassified
Component: Domain Control (show other bugs)
Version: 3.4.3
Hardware: Other Linux
: P3 normal
Target Milestone: ---
Assignee: Guenther Deschner
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-12-11 10:14 UTC by Orion Poplawski
Modified: 2011-07-07 09:35 UTC (History)
2 users (show)

See Also:

Attachments
smb.conf (11.12 KB, text/plain)
2009-12-11 11:26 UTC, Orion Poplawski 		no flags Details
smb.conf (13.09 KB, text/plain)
2009-12-11 11:29 UTC, Orion Poplawski 		no flags Details
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Orion Poplawski 2009-12-11 10:14:00 UTC 
No idea if I have the right component here.

Trying to get 3.4.3 (samba3-3.4.3--41.el5 from sernet) up and running as a domain controller on a CentOS 5.4 machine - upgrading from 3.0.34.  When I try to connect from another machine with smbclient, smbd crashes with a segfault.  

(gdb) bt
#0  0x00f29402 in __kernel_vsyscall ()
#1  0x009fd040 in raise () from /lib/i686/nosegneg/libc.so.6
#2  0x009fea21 in abort () from /lib/i686/nosegneg/libc.so.6
#3  0x005a0cea in dump_core () at lib/fault.c:337
#4  0x005b202d in smb_panic (why=0x939df2 "internal error") at lib/util.c:1496
#5  0x005a1214 in sig_fault (sig=11) at lib/fault.c:52
#6  <signal handler called>
#7  auth_ntlmssp_end (auth_ntlmssp_state=0x9e37740) at auth/auth_ntlmssp.c:198
#8  0x00379e21 in reply_spnego_ntlmssp (req=0x9f2c818, vuid=100,
    auth_ntlmssp_state=0x9e37740, ntlmssp_blob=0xbfeac074, nt_status={v = 0}, OID=0x0,
    wrap=true) at smbd/sesssetup.c:687
#9  0x0037c05f in reply_sesssetup_and_X_spnego (req=0x9f2c818) at smbd/sesssetup.c:932
#10 0x0037c3f5 in reply_sesssetup_and_X (req=0x9f2c818) at smbd/sesssetup.c:1425
#11 0x003b14af in switch_message (type=115 's', req=0x9f2c818, size=254)
    at smbd/process.c:1377
#12 0x003b3e17 in process_smb (conn=0x9e35830, inbuf=0x9f2c6e8 "", nread=254, unread_bytes=0,
    encrypted=false, deferred_pcd=0x0) at smbd/process.c:1408
#13 0x003b4645 in smbd_server_connection_handler (ev=0x9e378d0, fde=0x9e37c40, flags=1,
    private_data=0x9e35830) at smbd/process.c:1887
#14 0x005c1cce in run_events (ev=0x9e378d0, selrtn=1, read_fds=0xbfeac674,
    write_fds=0xbfeac5f4) at lib/events.c:126
#15 0x003b3743 in smbd_process () at smbd/process.c:820
#16 0x008a7e95 in smbd_accept_connection (ev=0x9e378d0, fde=0x9f2a438, flags=1,
    private_data=0x9f29ce0) at smbd/server.c:395
#17 0x005c1cce in run_events (ev=0x9e378d0, selrtn=1, read_fds=0xbfeac9ec,
    write_fds=0xbfeac96c) at lib/events.c:126
#18 0x005c1f3f in s3_event_loop_once (ev=0x9e378d0, location=0x9bd378 "smbd/server.c:681")
    at lib/events.c:185
#19 0x005c248d in _tevent_loop_once (ev=0x9e378d0, location=0x9bd378 "smbd/server.c:681")
    at ../lib/tevent/tevent.c:490
#20 0x008a7b85 in main (argc=0, argv=0xbfeacdd4) at smbd/server.c:681
(gdb) up 7
#7  auth_ntlmssp_end (auth_ntlmssp_state=0x9e37740) at auth/auth_ntlmssp.c:198


Line 198 is :
        mem_ctx = (*auth_ntlmssp_state)->mem_ctx;

(gdb) print (*auth_ntlmssp_state)->mem_ctx
Cannot access memory at address 0x50
(gdb) print *auth_ntlmssp_state
$1 = (AUTH_NTLMSSP_STATE *) 0x50

log from client:

[2009/12/11 08:47:23,  0] auth/pampass.c:77(smb_pam_error_handler)
  smb_pam_error_handler: PAM: session setup failed : Cannot make/remove an entry for the specified session
[2009/12/11 08:47:23,  1] smbd/session.c:183(session_claim)
  pam_session rejected the session for orion [smb/9557/100]
[2009/12/11 08:47:23,  1] smbd/password.c:284(register_existing_vuid)
  register_existing_vuid: Failed to claim session for vuid=100
[2009/12/11 08:47:23,  0] lib/fault.c:46(fault_report)
  ===============================================================
[2009/12/11 08:47:23,  0] lib/fault.c:47(fault_report)
  INTERNAL ERROR: Signal 11 in pid 9557 (3.4.3)
....


Also got the same with 3.3.9
Comment 1 Guenther Deschner 2009-12-11 11:09:14 UTC 
Hm, cannot reproduce that with official 3.4.3 update from fedora on f12.

Can you post your server's smb.conf ?
Comment 2 Orion Poplawski 2009-12-11 11:26:16 UTC 
Created attachment 5083 [details]
smb.conf

I'll try the official rpm next...
Comment 3 Orion Poplawski 2009-12-11 11:29:13 UTC 
Created attachment 5084 [details]
smb.conf

Whoops, wrong config.
Comment 4 Orion Poplawski 2009-12-11 12:03:19 UTC 
Cannot reproduce with official samba 3.4.3 source build.  Sorry for the noise.