Bug 708 - access violation in nmbd
Status: CLOSED FIXED
Product: Samba 3.0
Classification: Unclassified
Component: nmbd
Version: 3.0.0
Hardware: All Linux
Importance: P3 normal
Assigned To: Samba Bugzilla Account
Reported: 2003-11-03 06:58 UTC by Alex Peshkoff
Modified: 2005-11-14 09:24 UTC (History)
Description Alex Peshkoff 2003-11-03 06:58:58 UTC
When any computer having a Russian workgroup name (Russian editions of Windows 
enable such names) tries to connect to the Samba server, exception 11 is raised 
and nmbd dies. This is an extract from log.nmbd:

[2003/11/03 14:17:23, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(396)
  *****
  
  Samba name server SRV is now a local master browser for workgroup YWRZ on 
subnet 192.168.0.1
  
  *****
[2003/11/03 14:17:23, 0] nmbd/nmbd_workgroupdb.c:create_workgroup(63)
  create_workgroup: workgroup name ¨l§³¨l§Ô¨l§Ö¨l§µ¨l§²¨l§½¨l§Ó¨l§·¨l§Ñ¨l§º¨l§á is too long. 
Truncating to ¨l§³¨l§Ô¨l§Ö¨l§µ¨l§²¨l§½¨l§Ó¨l
[2003/11/03 14:17:23, 0] lib/fault.c:fault_report(36)
  ===============================================================
[2003/11/03 14:17:23, 0] lib/fault.c:fault_report(37)
  INTERNAL ERROR: Signal 11 in pid 1428 (3.0.0)
  Please read the appendix Bugs of the Samba HOWTO collection
[2003/11/03 14:17:23, 0] lib/fault.c:fault_report(39)
  ===============================================================
[2003/11/03 14:17:23, 0] lib/util.c:smb_panic(1400)
  PANIC: internal error
[2003/11/03 14:17:23, 0] lib/util.c:smb_panic(1407)
  BACKTRACE: 17 stack frames:
   #0 /usr/local/samba/sbin/nmbd(smb_panic+0xfc) [0x80af4b8]
   #1 /usr/local/samba/sbin/nmbd [0x80a0d8b]
   #2 /usr/local/samba/sbin/nmbd [0x42028c48]
   #3 /usr/local/samba/sbin/nmbd(__libc_free+0x7c) [0x42074a2c]
   #4 /usr/local/samba/sbin/nmbd(vasprintf+0x119) [0x4206a1b9]
   #5 /usr/local/samba/sbin/nmbd(x_vfprintf+0x16) [0x80a76a2]
   #6 /usr/local/samba/sbin/nmbd(Debug1+0xc8) [0x80a0a18]
   #7 /usr/local/samba/sbin/nmbd(dbghdr+0x94) [0x80a0c08]
   #8 /usr/local/samba/sbin/nmbd [0x8072652]
   #9 /usr/local/samba/sbin/nmbd(create_workgroup_on_subnet+0x21) [0x80729a5]
   #10 /usr/local/samba/sbin/nmbd [0x80732ac]
   #11 /usr/local/samba/sbin/nmbd [0x8073482]
   #12 /usr/local/samba/sbin/nmbd(sync_check_completion+0x3d) [0x8073551]
   #13 /usr/local/samba/sbin/nmbd(strftime+0x1814) [0x805f3c8]
   #14 /usr/local/samba/sbin/nmbd(main+0x393) [0x805f92f]
   #15 /usr/local/samba/sbin/nmbd(__libc_start_main+0xa4) [0x420158d4]
   #16 /usr/local/samba/sbin/nmbd(chroot+0x31) [0x805e4d5]

It appears that Win98 represents the Russian workgroup name as ¨l§³¨l§Ô¨l§Ö¨l§µ¨l§²¨l§½¨l§Ó¨l§·¨l§Ñ¨l§º¨l§á,
while the Windows-visible name is "Buhgalteria", which is exactly 2 times shorter 
than reported by Samba. Maybe this leads to some kind of buffer overflow?

Alex Peshkoff.
Comment 1 Gerald (Jerry) Carter 2004-03-04 09:00:30 UTC
The crash should be fixed in 3.0.2a
Comment 2 Gerald (Jerry) Carter 2005-08-24 10:15:53 UTC
Sorry for the same, cleaning up the database to prevent unnecessary reopens of bugs.
Comment 3 Gerald (Jerry) Carter 2005-11-14 09:24:48 UTC
database cleanup