Bug 8792 - smbclient3 against a samba4 fs crash
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.0
Classification: Unclassified
Component: Tools
Version: unspecified
Hardware: All Mac OS X
Importance: P5 normal
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: samba4-qa@samba.org
Blocks: 8622
Reported: 2012-03-04 23:21 UTC by Matthieu Patou
Modified: 2012-03-17 04:15 UTC

Description Matthieu Patou 2012-03-04 23:21:23 UTC
The error is:
Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x00007ffeea435394


Here is the backtrace.

#0  0x00007fff8548effb in CC_MD5_Final ()
#1  0x0000000100c4c31d in calc_ntlmv2_key (subkey=0x10140dad4 "", session_key={data = 0x10140d8b0 "/�G����\003DV��%�$\020��@\001\001", length = 16}, constant=0x100c5c510 "session key to client-to-server signing key magic constant") at ../auth/ntlmssp/ntlmssp_sign.c:58
#2  0x0000000100c4e3df in ntlmssp_sign_init (ntlmssp_state=0x10140bfa0) at ../auth/ntlmssp/ntlmssp_sign.c:615
#3  0x0000000100b1b0cb in ntlmssp3_client_challenge (ntlmssp_state=0x10140bfa0, out_mem_ctx=0x10140bfa0, reply={data = 0x10140d740 "NTLMSSP", length = 186}, next_request=0x7fff5fbfe7e0) at ../source3/libsmb/ntlmssp.c:624
#4  0x0000000100b19be5 in ntlmssp_update (ntlmssp_state=0x10140bfa0, input={data = 0x10140d740 "NTLMSSP", length = 186}, out=0x7fff5fbfe7e0) at ../source3/libsmb/ntlmssp.c:226
#5  0x0000000100adf729 in cli_session_setup_ntlmssp_done (subreq=0x0) at ../source3/libsmb/cliconnect.c:1766
#6  0x00000001000e820d in _tevent_req_notify_callback (req=0x10140c8c0, location=0x100b1d720 "../source3/libsmb/cliconnect.c:1387") at ../lib/tevent/tevent_req.c:101
#7  0x00000001000e8239 in tevent_req_finish (req=0x10140c8c0, state=TEVENT_REQ_DONE, location=0x100b1d720 "../source3/libsmb/cliconnect.c:1387") at ../lib/tevent/tevent_req.c:110
#8  0x00000001000e825d in _tevent_req_done (req=0x10140c8c0, location=0x100b1d720 "../source3/libsmb/cliconnect.c:1387") at ../lib/tevent/tevent_req.c:116
#9  0x0000000100ade747 in cli_sesssetup_blob_done (subreq=0x0) at ../source3/libsmb/cliconnect.c:1387
#10 0x00000001000e820d in _tevent_req_notify_callback (req=0x10140cbf0, location=0x1002452e8 "../libcli/smb/smbXcli_base.c:1868") at ../lib/tevent/tevent_req.c:101
#11 0x00000001000e8239 in tevent_req_finish (req=0x10140cbf0, state=TEVENT_REQ_DONE, location=0x1002452e8 "../libcli/smb/smbXcli_base.c:1868") at ../lib/tevent/tevent_req.c:110
#12 0x00000001000e825d in _tevent_req_done (req=0x10140cbf0, location=0x1002452e8 "../libcli/smb/smbXcli_base.c:1868") at ../lib/tevent/tevent_req.c:116
#13 0x0000000100237ed9 in smb1cli_conn_dispatch_incoming (conn=0x10140bad0, tmp_mem=0x10140cdd0, inbuf=0x0) at ../libcli/smb/smbXcli_base.c:1868
#14 0x0000000100236997 in smbXcli_conn_received (subreq=0x0) at ../libcli/smb/smbXcli_base.c:1496
#15 0x00000001000e820d in _tevent_req_notify_callback (req=0x10140d3e0, location=0x100244667 "../libcli/smb/read_smb.c:98") at ../lib/tevent/tevent_req.c:101
#16 0x00000001000e8239 in tevent_req_finish (req=0x10140d3e0, state=TEVENT_REQ_DONE, location=0x100244667 "../libcli/smb/read_smb.c:98") at ../lib/tevent/tevent_req.c:110
#17 0x00000001000e825d in _tevent_req_done (req=0x10140d3e0, location=0x100244667 "../libcli/smb/read_smb.c:98") at ../lib/tevent/tevent_req.c:116
#18 0x000000010023399f in read_smb_done (subreq=0x0) at ../libcli/smb/read_smb.c:98
#19 0x00000001000e820d in _tevent_req_notify_callback (req=0x10140d610, location=0x1002475b0 "../lib/async_req/async_sock.c:635") at ../lib/tevent/tevent_req.c:101
#20 0x00000001000e8239 in tevent_req_finish (req=0x10140d610, state=TEVENT_REQ_DONE, location=0x1002475b0 "../lib/async_req/async_sock.c:635") at ../lib/tevent/tevent_req.c:110
#21 0x00000001000e825d in _tevent_req_done (req=0x10140d610, location=0x1002475b0 "../lib/async_req/async_sock.c:635") at ../lib/tevent/tevent_req.c:116
#22 0x000000010024370e in read_packet_handler (ev=0x10140ced0, fde=0x10140d860, flags=1, private_data=0x10140d610) at ../lib/async_req/async_sock.c:635
#23 0x00000001000eaada in std_event_loop_select (std_ev=0x10140cf90, tvalp=0x7fff5fbfefa0) at ../lib/tevent/tevent_standard.c:530
#24 0x00000001000eabe6 in std_event_loop_once (ev=0x10140ced0, location=0x1000ebd88 "../lib/tevent/tevent_req.c:210") at ../lib/tevent/tevent_standard.c:569
#25 0x00000001000e6988 in _tevent_loop_once (ev=0x10140ced0, location=0x1000ebd88 "../lib/tevent/tevent_req.c:210") at ../lib/tevent/tevent.c:504
#26 0x00000001000e847a in tevent_req_poll (req=0x10140d000, ev=0x10140ced0) at ../lib/tevent/tevent_req.c:210
#27 0x000000010018bfbb in tevent_req_poll_ntstatus (req=0x10140d000, ev=0x10140ced0, status=0x7fff5fbff100) at ../source3/lib/util.c:2171
#28 0x0000000100adf96b in cli_session_setup_ntlmssp (cli=0x10140b9a0, user=0x10140c340 "administrator", pass=0x101409f70 "Password01!", domain=0x10140a200 "WORKGROUP") at ../source3/libsmb/cliconnect.c:1821
#29 0x0000000100ae02bb in cli_session_setup_spnego (cli=0x10140b9a0, user=0x10140a070 "administrator", pass=0x101409f70 "Password01!", user_domain=0x10140a200 "WORKGROUP", dest_realm=0x0) at ../source3/libsmb/cliconnect.c:1986
#30 0x0000000100ae0852 in cli_session_setup (cli=0x10140b9a0, user=0x10140a070 "administrator", pass=0x101409f70 "Password01!", passlen=11, ntpass=0x101409f70 "Password01!", ntpasslen=11, workgroup=0x10140a200 "WORKGROUP") at ../source3/libsmb/cliconnect.c:2098
#31 0x0000000100b030b1 in do_connect (ctx=0x101408cc0, server=0x10140a7d2 "192.168.1.67", share=0x10140a0d0 "\\\\192.168.1.67\\sysvol", auth_info=0x1014098a0, show_sessetup=true, force_encrypt=false, max_protocol=5, port=0, name_type=32, pcli=0x7fff5fbff558) at ../source3/libsmb/clidfs.c:161
#32 0x0000000100b036e5 in cli_cm_connect (ctx=0x101408cc0, referring_cli=0x0, server=0x0, share=0x10140a0d0 "\\\\192.168.1.67\\sysvol", auth_info=0x1014098a0, show_hdr=true, force_encrypt=false, max_protocol=5, port=0, name_type=32, pcli=0x7fff5fbff608) at ../source3/libsmb/clidfs.c:285
#33 0x0000000100b03ae0 in cli_cm_open (ctx=0x101408cc0, referring_cli=0x0, server=0x0, share=0x10140a0d0 "\\\\192.168.1.67\\sysvol", auth_info=0x1014098a0, show_hdr=true, force_encrypt=false, max_protocol=5, port=0, name_type=32, pcli=0x100021480) at ../source3/libsmb/clidfs.c:388
#34 0x000000010000efd5 in process (base_directory=0x0) at ../source3/client/client.c:5115
#35 0x0000000100010285 in main (argc=3, argv=0x7fff5fbffb08) at ../source3/client/client.c:5530


smbclient (smbclient4) is ok.

Version was freshly rebuilt from scratch with git changeset acfa107ec64ceb6bf3a28df14585cfb0ccc79f41
Comment 1 Matthieu Patou 2012-03-04 23:46:24 UTC
Did the test on 3.6.3, it works.

Seems to be something in master only.
Comment 2 Andrew Bartlett 2012-03-05 04:02:22 UTC
Is this MacOS X only?

It does not trivially reproduce on my Fedora 16 x86_64 workstation.

I suspect the recent change to use the BSD MD5 routines.
Comment 3 Matthieu Patou 2012-03-05 04:19:45 UTC
This is not reproducible on my Ubuntu x64.

So it's very much OS X related.

Can provide SSH access.
Comment 4 Matthieu Patou 2012-03-17 04:15:32 UTC
Was fixed with b68f72c7f58c05870100d0d993c9baf0fa80a891