Summary: | net-fs/samba-server-3.3.7 smbd crashes (signal 11) in dns_register_smbd_reply | | |
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Timothy Miller <theosib> |
Component: | [OLD] Server | Assignee: | Gentoo's SAMBA Team <samba> |
Status: | RESOLVED FIXED | | |
Severity: | critical | CC: | ashl1future |
Priority: | High | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | https://bugzilla.samba.org/show_bug.cgi?id=6696 | | |
Whiteboard: | | | |
Package list: | | Runtime testing required: | --- |
Attachments: | Patch fixing smbd crashes in dns_register_smbd_reply | | |
Description
Timothy Miller
2009-09-07 02:47:01 UTC
More info: smbd doesn't crash until a client attempts to connect. And this is apparently where the crash occurs:

    #6 dns_register_smbd_reply (dns_state=0x0, lfds=0x7fff36e756e0, timeout=0x7fff36e75870) at smbd/dnsregister.c:171

I did some more digging, and I think I found the bug. In server.c, there's this code:

    static bool open_sockets_smbd(bool is_daemon, bool interactive, const char *smb_ports)
    {
        ...
        struct dns_reg_state * dns_reg = NULL;
        ... nothing that modifies dns_reg ...
        /* process pending nDNS responses */
        if (dns_register_smbd_reply(dns_reg, &r_fds, &idle_timeout)) {
            --num;
        }
        ...
    }

Then the function dns_register_smbd_reply (dnsregister.c) blindly dereferences the first argument:

    bool dns_register_smbd_reply(struct dns_reg_state *dns_state,
                                 fd_set *lfds, struct timeval *timeout)
    {
        int mdnsd_conn_fd = -1;
        if (dns_state->srv_ref == NULL) {
            return false;
        }
        ...
    }

I definitely think this is a bug. I don't know what's changed to cause this to pop up now, but can anyone help me to figure out why suddenly this is happening when it didn't before? Someone suggested a glibc update might have caused this.

I've filed this report on samba's bugzilla: https://bugzilla.samba.org/show_bug.cgi?id=6696

However, I expect they'll blow me off since 3.3.7 isn't their latest version, leaving it up to Gentoo devs to bump versions or patch it.

This "patch" solves the problem:

bool dns_register_smbd_reply(struct dns_reg_state *dns_state, fd_set *lfds, struct timeval *timeout) { int mdnsd_conn_fd = -1; + if (!dns_state) return false; if (dns_state->srv_ref == NULL) { return false; }

Thanks for reporting the problem, and providing your fix! Assigning to samba team.

Timothy, which were the USE flags used to build samba?

My emerge info is here, but I think the relevant ones are "acl cups ldap zeroconf". It didn't initially have "cups", but I added it to make it stop complaining about that. Note that I hadn't changed any of those before the last update.
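Review bot: the added `if (!dns_state) return false;` at the top of dns_register_smbd_reply only guards the callee, while the open_sockets_smbd excerpt in the report initialises `dns_reg` to NULL and shows nothing assigning it before the call, so on that path the function would now always return early and pending DNS registration replies would never be processed. It is worth checking why the registration state is never set and fixing that at the caller as well, or skipping the call when `dns_reg` is NULL. For consistency with the `dns_state->srv_ref == NULL` test that follows, consider writing the guard as `if (dns_state == NULL) { return false; }` on its own lines.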
Created attachment 204206
Patch fixing smbd crashes in dns_register_smbd_reply
This is the patch as shown in samba bugzilla.
Let's wait for its approval to include it in portage
Thanks for the heads up!

+ 08 Oct 2009; Víctor Ostorga <vostorga@gentoo.org> + samba-server-3.3.7-r1.ebuild, + +files/3.3/samba-server-3.3.7-dns-register.patch, + samba-server-3.3.8.ebuild: + Fixing signal 11 in dns_register_smbd_reply, patch thanks to Timothy + Miller <theosib@hotmail.com> bug 283919