Bug 6986 - Segfault in auth_ntlmssp_end
Summary: Segfault in auth_ntlmssp_end
Alias: None
Product: Samba 3.4
Classification: Unclassified
Component: Domain Control (show other bugs)
Version: 3.4.3
Hardware: Other Linux
: P3 normal
Target Milestone: ---
Assignee: Guenther Deschner
QA Contact: Samba QA Contact
Depends on:
Reported: 2009-12-11 10:14 UTC by Orion Poplawski
Modified: 2011-07-07 09:35 UTC (History)
2 users (show)

See Also:

smb.conf (11.12 KB, text/plain)
2009-12-11 11:26 UTC, Orion Poplawski
no flags Details
smb.conf (13.09 KB, text/plain)
2009-12-11 11:29 UTC, Orion Poplawski
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Orion Poplawski 2009-12-11 10:14:00 UTC
No idea if I have the right component here.

Trying to get 3.4.3 (samba3-3.4.3--41.el5 from sernet) up and running as a domain controller on a CentOS 5.4 machine - upgrading from 3.0.34.  When I try to connect from another machine with smbclient, smbd crashes with a segfault.  

(gdb) bt
#0  0x00f29402 in __kernel_vsyscall ()
#1  0x009fd040 in raise () from /lib/i686/nosegneg/libc.so.6
#2  0x009fea21 in abort () from /lib/i686/nosegneg/libc.so.6
#3  0x005a0cea in dump_core () at lib/fault.c:337
#4  0x005b202d in smb_panic (why=0x939df2 "internal error") at lib/util.c:1496
#5  0x005a1214 in sig_fault (sig=11) at lib/fault.c:52
#6  <signal handler called>
#7  auth_ntlmssp_end (auth_ntlmssp_state=0x9e37740) at auth/auth_ntlmssp.c:198
#8  0x00379e21 in reply_spnego_ntlmssp (req=0x9f2c818, vuid=100,
    auth_ntlmssp_state=0x9e37740, ntlmssp_blob=0xbfeac074, nt_status={v = 0}, OID=0x0,
    wrap=true) at smbd/sesssetup.c:687
#9  0x0037c05f in reply_sesssetup_and_X_spnego (req=0x9f2c818) at smbd/sesssetup.c:932
#10 0x0037c3f5 in reply_sesssetup_and_X (req=0x9f2c818) at smbd/sesssetup.c:1425
#11 0x003b14af in switch_message (type=115 's', req=0x9f2c818, size=254)
    at smbd/process.c:1377
#12 0x003b3e17 in process_smb (conn=0x9e35830, inbuf=0x9f2c6e8 "", nread=254, unread_bytes=0,
    encrypted=false, deferred_pcd=0x0) at smbd/process.c:1408
#13 0x003b4645 in smbd_server_connection_handler (ev=0x9e378d0, fde=0x9e37c40, flags=1,
    private_data=0x9e35830) at smbd/process.c:1887
#14 0x005c1cce in run_events (ev=0x9e378d0, selrtn=1, read_fds=0xbfeac674,
    write_fds=0xbfeac5f4) at lib/events.c:126
#15 0x003b3743 in smbd_process () at smbd/process.c:820
#16 0x008a7e95 in smbd_accept_connection (ev=0x9e378d0, fde=0x9f2a438, flags=1,
    private_data=0x9f29ce0) at smbd/server.c:395
#17 0x005c1cce in run_events (ev=0x9e378d0, selrtn=1, read_fds=0xbfeac9ec,
    write_fds=0xbfeac96c) at lib/events.c:126
#18 0x005c1f3f in s3_event_loop_once (ev=0x9e378d0, location=0x9bd378 "smbd/server.c:681")
    at lib/events.c:185
#19 0x005c248d in _tevent_loop_once (ev=0x9e378d0, location=0x9bd378 "smbd/server.c:681")
    at ../lib/tevent/tevent.c:490
#20 0x008a7b85 in main (argc=0, argv=0xbfeacdd4) at smbd/server.c:681
(gdb) up 7
#7  auth_ntlmssp_end (auth_ntlmssp_state=0x9e37740) at auth/auth_ntlmssp.c:198

Line 198 is :
        mem_ctx = (*auth_ntlmssp_state)->mem_ctx;

(gdb) print (*auth_ntlmssp_state)->mem_ctx
Cannot access memory at address 0x50
(gdb) print *auth_ntlmssp_state
$1 = (AUTH_NTLMSSP_STATE *) 0x50

log from client:

[2009/12/11 08:47:23,  0] auth/pampass.c:77(smb_pam_error_handler)
  smb_pam_error_handler: PAM: session setup failed : Cannot make/remove an entry for the specified session
[2009/12/11 08:47:23,  1] smbd/session.c:183(session_claim)
  pam_session rejected the session for orion [smb/9557/100]
[2009/12/11 08:47:23,  1] smbd/password.c:284(register_existing_vuid)
  register_existing_vuid: Failed to claim session for vuid=100
[2009/12/11 08:47:23,  0] lib/fault.c:46(fault_report)
[2009/12/11 08:47:23,  0] lib/fault.c:47(fault_report)
  INTERNAL ERROR: Signal 11 in pid 9557 (3.4.3)

Also got the same with 3.3.9
Comment 1 Guenther Deschner 2009-12-11 11:09:14 UTC
Hm, cannot reproduce that with official 3.4.3 update from fedora on f12.

Can you post your server's smb.conf ?
Comment 2 Orion Poplawski 2009-12-11 11:26:16 UTC
Created attachment 5083 [details]

I'll try the official rpm next...
Comment 3 Orion Poplawski 2009-12-11 11:29:13 UTC
Created attachment 5084 [details]

Whoops, wrong config.
Comment 4 Orion Poplawski 2009-12-11 12:03:19 UTC
Cannot reproduce with official samba 3.4.3 source build.  Sorry for the noise.