Bug 708 - access violation in nmbd
Status: CLOSED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: nmbd
Version: 3.0.0
Hardware: All Linux
Importance: P3 normal
Target Milestone: none
Assignee: Samba Bugzilla Account
Reported: 2003-11-03 06:58 UTC by Alex Peshkoff
Modified: 2005-11-14 09:24 UTC
Description Alex Peshkoff 2003-11-03 06:58:58 UTC
When any computer having a Russian workgroup name (Russian editions of Windows 
enable such names) tries to connect to the Samba server, exception 11 is raised 
and nmbd dies. This is an extract from log.nmbd:

[2003/11/03 14:17:23, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(396)
  *****
  
  Samba name server SRV is now a local master browser for workgroup YWRZ on 
subnet 192.168.0.1
  
  *****
[2003/11/03 14:17:23, 0] nmbd/nmbd_workgroupdb.c:create_workgroup(63)
  create_workgroup: workgroup name ¨l§³¨l§Ô¨l§Ö¨l§µ¨l§²¨l§½¨l§Ó¨l§·¨l§Ñ¨l§º¨l§á is too long. 
Truncating to ¨l§³¨l§Ô¨l§Ö¨l§µ¨l§²¨l§½¨l§Ó¨l
[2003/11/03 14:17:23, 0] lib/fault.c:fault_report(36)
  ===============================================================
[2003/11/03 14:17:23, 0] lib/fault.c:fault_report(37)
  INTERNAL ERROR: Signal 11 in pid 1428 (3.0.0)
  Please read the appendix Bugs of the Samba HOWTO collection
[2003/11/03 14:17:23, 0] lib/fault.c:fault_report(39)
  ===============================================================
[2003/11/03 14:17:23, 0] lib/util.c:smb_panic(1400)
  PANIC: internal error
[2003/11/03 14:17:23, 0] lib/util.c:smb_panic(1407)
  BACKTRACE: 17 stack frames:
   #0 /usr/local/samba/sbin/nmbd(smb_panic+0xfc) [0x80af4b8]
   #1 /usr/local/samba/sbin/nmbd [0x80a0d8b]
   #2 /usr/local/samba/sbin/nmbd [0x42028c48]
   #3 /usr/local/samba/sbin/nmbd(__libc_free+0x7c) [0x42074a2c]
   #4 /usr/local/samba/sbin/nmbd(vasprintf+0x119) [0x4206a1b9]
   #5 /usr/local/samba/sbin/nmbd(x_vfprintf+0x16) [0x80a76a2]
   #6 /usr/local/samba/sbin/nmbd(Debug1+0xc8) [0x80a0a18]
   #7 /usr/local/samba/sbin/nmbd(dbghdr+0x94) [0x80a0c08]
   #8 /usr/local/samba/sbin/nmbd [0x8072652]
   #9 /usr/local/samba/sbin/nmbd(create_workgroup_on_subnet+0x21) [0x80729a5]
   #10 /usr/local/samba/sbin/nmbd [0x80732ac]
   #11 /usr/local/samba/sbin/nmbd [0x8073482]
   #12 /usr/local/samba/sbin/nmbd(sync_check_completion+0x3d) [0x8073551]
   #13 /usr/local/samba/sbin/nmbd(strftime+0x1814) [0x805f3c8]
   #14 /usr/local/samba/sbin/nmbd(main+0x393) [0x805f92f]
   #15 /usr/local/samba/sbin/nmbd(__libc_start_main+0xa4) [0x420158d4]
   #16 /usr/local/samba/sbin/nmbd(chroot+0x31) [0x805e4d5]

It appears that Win98 represents the Russian workgroup name as ¨l§³¨l§Ô¨l§Ö¨l§µ¨l§²¨l§½¨l§Ó¨l§·¨l§Ñ¨l§º¨l§á,
while the Windows-visible name is "Buhgalteria", which is exactly 2 times shorter 
than reported by Samba. Maybe this leads to some kind of buffer overflow?

Alex Peshkoff.
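
The length mismatch described in the report, shown as an added example (not Samba's code and not the change shipped in 3.0.2a): a name whose byte length is twice its character count, copied into a fixed buffer with a truncation that never splits a multibyte character. Assumptions: UTF-8 encoding, a 15-byte name limit, a constructed 11-letter Cyrillic sample name, and hypothetical function names.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: 15 name bytes, the NetBIOS limit (the 16th byte is the type suffix). */
#define MAX_NAME_BYTES 15

/* Constructed sample: an 11-letter Cyrillic name, 2 bytes per letter in UTF-8. */
static const char SAMPLE_NAME[] =
    "\xD0\x91\xD1\x83\xD1\x85\xD0\xB3\xD0\xB0\xD0\xBB"
    "\xD1\x82\xD0\xB5\xD1\x80\xD0\xB8\xD1\x8F";

/* A UTF-8 continuation byte has the bit pattern 10xxxxxx. */
static int is_continuation(char c) { return ((unsigned char)c & 0xC0) == 0x80; }

/* Number of characters (not bytes) in a UTF-8 string. */
size_t utf8_chars(const char *s)
{
    size_t n = 0;
    for (; *s != '\0'; s++)
        if (!is_continuation(*s))
            n++;
    return n;
}

/* Copy src into dst (dst_size bytes including the NUL), keeping at most
 * max_bytes bytes and never splitting a multibyte character.
 * Returns the number of bytes stored, not counting the NUL. */
size_t copy_name_bounded(char *dst, size_t dst_size, const char *src, size_t max_bytes)
{
    size_t len, limit;
    if (dst == NULL || dst_size == 0)
        return 0;
    len = (src != NULL) ? strlen(src) : 0;
    limit = (max_bytes < dst_size - 1) ? max_bytes : dst_size - 1;
    if (len > limit) {
        len = limit;
        while (len > 0 && is_continuation(src[len]))
            len--;   /* src[len] is the first dropped byte: back up to a lead byte */
    }
    if (len > 0)
        memcpy(dst, src, len);
    dst[len] = '\0';
    return len;
}

int main(void)
{
    char wg[MAX_NAME_BYTES + 1];
    size_t kept = copy_name_bounded(wg, sizeof wg, SAMPLE_NAME, MAX_NAME_BYTES);
    printf("%zu chars, %zu bytes, kept %zu bytes (%zu chars)\n",
           utf8_chars(SAMPLE_NAME), strlen(SAMPLE_NAME), kept, utf8_chars(wg));
    return 0;
}
```

Any code that sizes a buffer by visible characters while copying bytes will be off by a factor of two for a name like this, so both the limit and the destination capacity are expressed in bytes here.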
Comment 1 Gerald (Jerry) Carter (dead mail address) 2004-03-04 09:00:30 UTC
The crash should be fixed in 3.0.2a
Comment 2 Gerald (Jerry) Carter (dead mail address) 2005-08-24 10:15:53 UTC
sorry for the same, cleaning up the database to prevent unnecessary reopens of bugs.
Comment 3 Gerald (Jerry) Carter (dead mail address) 2005-11-14 09:24:48 UTC
database cleanup