9215 – Bad name in SMB1 openX can cause a crash in iconv inside glibc

Bug 9215 - Bad name in SMB1 openX can cause a crash in iconv inside glibc

Summary: Bad name in SMB1 openX can cause a crash in iconv inside glibc

Status:	NEW

Alias:	None

Product:	Samba 3.6
Classification:	Unclassified
Component:	File services (show other bugs)
Version:	unspecified
Hardware:	All All

Importance:	P5 critical
Target Milestone:	---
Assignee:	Volker Lendecke
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2012-09-26 00:11 UTC by Jeremy Allison
Modified:	2015-06-15 07:45 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jeremy Allison 2012-09-26 00:11:43 UTC

Found by Codenomicon at the SNIA plugfest.

openX packet with unicode bit set and 65535 bytes of 0xCC causes a glibc crash on Linux.

As we can't fix glibc I have a patch for 3.5.x, 3.6.x and 4.0.x that Simo and I confirmed avoids the problem in Samba.

Jeremy.

Format For Printing
- XML
- Clone This Bug
- Top of page