Bug 9830 - panic in nt_printer_publish_ads()
panic in nt_printer_publish_ads()
Status: RESOLVED FIXED
Product: Samba 3.6
Classification: Unclassified
Component: Printing
3.6.13
All All
: P5 normal
: ---
Assigned To: Karolin Seeger
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-04-25 13:45 UTC by David Disseldorp
Modified: 2013-04-30 10:59 UTC (History)
1 user (show)

See Also:


Attachments
patch against v4-0-test, same as what has been pushed to autobuild (1.66 KB, patch)
2013-04-25 15:51 UTC, David Disseldorp
ddiss: review? (gd)
asn: review+
Details
patch against v3-6-test, uses global_myname() instead of lp_netbios_name() (1.52 KB, patch)
2013-04-25 15:53 UTC, David Disseldorp
ddiss: review? (gd)
asn: review+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description David Disseldorp 2013-04-25 13:45:23 UTC
I hit an assertion failure in ldap_get_dn() which appears to be due to sloppy error handling in nt_printer_publish_ads():

#9  0x00007f3ccbd7d9f0 in __assert_fail () from /lib64/libc.so.6
#10 0x00007f3cced0cf58 in ldap_get_dn () from /usr/lib64/libldap-2.4.so.2
#11 0x00007f3ccf5c742c in nt_printer_publish_ads (msg_ctx=0x7f3ccfcdc710, ads=0x7f3ccfd104c0, pinfo2=0x7f3ccfd153e0) at printing/nt_printing_ads.c:200
#12 0x00007f3ccf5c83f1 in nt_printer_publish (mem_ctx=<optimized out>, session_info=0x7f3ccfd1a850, msg_ctx=0x7f3ccfcdc710, pinfo2=0x7f3ccfd153e0, action=2) at printing/nt_printing_ads.c:393
#13 0x00007f3ccf5c0a26 in nt_printer_add (mem_ctx=0x7f3ccfd1a850, session_info=0x7f3ccfd1a850, msg_ctx=0x7f3ccfcdc710, printer=0x7f3ccfcdf8a0 "static_printer", publish=<optimized out>) at printing/nt_printing.c:1928
#14 0x00007f3ccf26be74 in reload_printers_full (ev=0x7f3ccfcda460, msg_ctx=0x7f3ccfcdc710) at smbd/server_reload.c:136
#15 0x00007f3ccf5bb209 in reload_pcap_change_notify (ev=0x101d, msg_ctx=0x101d) at printing/printing.c:1672
#16 0x00007f3ccf550665 in cups_async_callback (event_ctx=<optimized out>, event=<optimized out>, flags=<optimized out>, p=0x7f3ccfcfe390) at printing/print_cups.c:549
#17 0x00007f3ccf598edf in run_events_poll (ev=0x7f3ccfcda460, pollrtn=<optimized out>, pfds=0x7f3ccfcfc780, num_pfds=3) at lib/events.c:286
#18 0x00007f3ccf59937e in s3_event_loop_once (ev=0x7f3ccfcda460, location=<optimized out>) at lib/events.c:349
#19 0x00007f3ccf599700 in _tevent_loop_once (ev=0x7f3ccfcda460, location=0x7f3ccf96f223 "printing/printing.c:1837") at ../lib/tevent/tevent.c:494
#20 0x00007f3ccf59978b in tevent_common_loop_wait (ev=0x7f3ccfcda460, location=0x7f3ccf96f223 "printing/printing.c:1837") at ../lib/tevent/tevent.c:595
#21 0x00007f3ccf5baff8 in start_background_queue (ev=0x7f3ccfcda460, msg_ctx=0x7f3ccfcdc710) at printing/printing.c:1837
#22 0x00007f3ccf7f4c61 in main (argc=<optimized out>, argv=0x7fffcb745788) at smbd/server.c:1294

The LDAPMessage pointer passed to ldap_get_dn() is NULL:
(gdb) up 11
#11 0x00007f3ccf5c742c in nt_printer_publish_ads (msg_ctx=0x7f3ccfcdc710, ads=0x7f3ccfd104c0, pinfo2=0x7f3ccfd153e0) at printing/nt_printing_ads.c:200
200             srv_dn_utf8 = ldap_get_dn((LDAP *)ads->ldap.ld, (LDAPMessage *)res);
(gdb) p ads->ldap.ld
$4 = (LDAP *) 0x7f3ccfcff7f0
(gdb) p res
$5 = (LDAPMessage *) 0x0

This is due to the fact that errors from ads_find_machine_acct() are not handled: 

(gdb) l
195             ads_find_machine_acct(ads, &res, global_myname());
196
197             /* We use ldap_get_dn here as we need the answer
198              * in utf8 to call ldap_explode_dn(). JRA. */
199
200             srv_dn_utf8 = ldap_get_dn((LDAP *)ads->ldap.ld, (LDAPMessage *)res);

Patches to follow. This bug is present in Samba 3.6 upwards.
Comment 1 David Disseldorp 2013-04-25 15:51:19 UTC
Created attachment 8815 [details]
patch against v4-0-test, same as what has been pushed to autobuild
Comment 2 David Disseldorp 2013-04-25 15:53:34 UTC
Created attachment 8816 [details]
patch against v3-6-test, uses global_myname() instead of lp_netbios_name()
Comment 3 Andreas Schneider 2013-04-26 15:04:22 UTC
Comment on attachment 8815 [details]
patch against v4-0-test, same as what has been pushed to autobuild

LGTM.
Comment 4 David Disseldorp 2013-04-26 15:09:49 UTC
Karolin, please push these patches to v4-0-test and v3-6-test.
Comment 5 Karolin Seeger 2013-04-30 07:54:30 UTC
Pushed to v3-6-test and autobuild-v4-0-test.
Comment 6 Karolin Seeger 2013-04-30 10:59:03 UTC
Pushed to v4-0-test.
Closing out bug report.

Thanks!