Bug 6961 - Samba 4.3.6 Segfault Patch.
: Samba 4.3.6 Segfault Patch.
Status: RESOLVED FIXED
Product: Desktop Bugs
Classification: ROSA Desktop
Component: Main Packages
: Fresh
: All Linux
: Normal normal
: ---
Assigned To: ROSA Linux Bugs
: ROSA Linux Bugs
https://bugzilla.samba.org/show_bug.c...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-04-20 21:00 MSD by Zombie Ryushu
Modified: 2017-11-27 06:03 MSK (History)
3 users (show)

See Also:
RPM Package: samba
ISO-related:
Bad POT generating:
Upstream:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Zombie Ryushu 2016-04-20 21:00:29 MSD
https://lists.samba.org/archive/samba-technical/2016-April/113536.html

There exists a potential memory corruption error in 4.3.x
Comment 1 Denis Silakov 2016-04-22 12:01:38 MSD
References to builds with this patch are available in bug 6924.
Comment 2 Zombie Ryushu 2016-04-22 12:32:57 MSD
It still Panics.  INTERNAL ERROR: Signal 11 in pid 16495 (4.3.8)
  Please read the Trouble-Shooting section of the Samba HOWTO
[2016/04/22 04:31:04.637494,  0] ../lib/util/fault.c:81(fault_report)
  ===============================================================
[2016/04/22 04:31:04.637597,  0] ../source3/lib/util.c:789(smb_panic_s3)
  PANIC (pid 16495): internal error
[2016/04/22 04:31:04.639381,  0] ../source3/lib/util.c:900(log_stack_trace)
  BACKTRACE: 49 stack frames:
   #0 /usr/lib64/libsmbconf.so.0(log_stack_trace+0x1f) [0x7f6dda76a05f]
   #1 /usr/lib64/libsmbconf.so.0(smb_panic_s3+0x6f) [0x7f6dda769eaa]
   #2 /usr/lib64/libsamba-util.so.0(smb_panic+0x28) [0x7f6ddc9dea25]
   #3 /usr/lib64/libsamba-util.so.0(+0x146fd) [0x7f6ddc9de6fd]
   #4 /usr/lib64/libsamba-util.so.0(+0x14712) [0x7f6ddc9de712]
   #5 /lib64/libpthread.so.0(+0x364040f2a0) [0x7f6ddcc4a2a0]
   #6 /lib64/libc.so.6(strlen+0x2a) [0x7f6dd8c8b5ba]
   #7 /usr/lib64/libsmbconf.so.0(tcopy_passwd+0x6b) [0x7f6dda79fe7a]
   #8 /usr/lib64/libsamba-passdb.so.0(+0x26683) [0x7f6ddae1e683]
   #9 /usr/lib64/libsamba-passdb.so.0(+0x2838c) [0x7f6ddae2038c]
   #10 /usr/lib64/libsamba-passdb.so.0(pdb_getsampwnam+0x32) [0x7f6ddae4944a]
   #11 /usr/lib64/libsamba-passdb.so.0(lookup_global_sam_name+0xa8) [0x7f6ddae39da7]
   #12 /usr/lib64/samba/libsmbd-base-samba4.so(_samr_LookupNames+0x31b) [0x7f6ddc5d7fec]
   #13 /usr/lib64/samba/libsmbd-base-samba4.so(+0x1f6295) [0x7f6ddc5ec295]
   #14 /usr/lib64/samba/libsmbd-base-samba4.so(+0x7b621) [0x7f6ddc471621]
   #15 /usr/lib64/samba/libsmbd-base-samba4.so(+0x7b8af) [0x7f6ddc4718af]
   #16 /usr/lib64/libdcerpc-binding.so.0(dcerpc_binding_handle_raw_call_send+0xb5) [0x7f6dd413aaa7]
   #17 /usr/lib64/libdcerpc-binding.so.0(dcerpc_binding_handle_call_send+0x3ad) [0x7f6dd413b320]
   #18 /usr/lib64/libdcerpc-binding.so.0(dcerpc_binding_handle_call+0x96) [0x7f6dd413b6f8]
   #19 /usr/lib64/samba/libdcerpc-samba-samba4.so(dcerpc_samr_LookupNames_r+0x3f) [0x7f6dd5b18249]
   #20 /usr/lib64/samba/libdcerpc-samba-samba4.so(dcerpc_samr_LookupNames+0x76) [0x7f6dd5b18671]
   #21 /usr/lib64/samba/libsmbd-base-samba4.so(+0xb246f) [0x7f6ddc4a846f]
   #22 /usr/lib64/samba/libsmbd-base-samba4.so(+0xb2774) [0x7f6ddc4a8774]
   #23 /usr/lib64/samba/libsmbd-base-samba4.so(_netr_ServerAuthenticate3+0x268) [0x7f6ddc4a8fde]
   #24 /usr/lib64/samba/libsmbd-base-samba4.so(+0xbb6e5) [0x7f6ddc4b16e5]
   #25 /usr/lib64/samba/libsmbd-base-samba4.so(+0x23adb8) [0x7f6ddc630db8]
   #26 /usr/lib64/samba/libsmbd-base-samba4.so(+0x23a93f) [0x7f6ddc63093f]
   #27 /usr/lib64/samba/libsmbd-base-samba4.so(+0x23b751) [0x7f6ddc631751]
   #28 /usr/lib64/samba/libsmbd-base-samba4.so(process_complete_pdu+0xe1) [0x7f6ddc631834]
   #29 /usr/lib64/samba/libsmbd-base-samba4.so(named_pipe_packet_process+0x198) [0x7f6ddc48289c]
   #30 /usr/lib64/libdcerpc-binding.so.0(+0x1ca3b) [0x7f6dd4139a3b]
   #31 /usr/lib64/samba/libsamba-sockets-samba4.so(+0xc169) [0x7f6dda335169]
   #32 /usr/lib64/samba/libsamba-sockets-samba4.so(+0xc393) [0x7f6dda335393]
   #33 /usr/lib64/samba/libsamba-sockets-samba4.so(+0xb6b9) [0x7f6dda3346b9]
   #34 /usr/lib64/libtevent.so.0(tevent_common_loop_immediate+0xd4) [0x7f6dd8fc9d54]
   #35 /usr/lib64/libsmbconf.so.0(run_events_poll+0x56) [0x7f6dda785e2f]
   #36 /usr/lib64/libsmbconf.so.0(+0x3e4a3) [0x7f6dda7864a3]
   #37 /usr/lib64/libtevent.so.0(_tevent_loop_once+0x8d) [0x7f6dd8fc951d]
   #38 /usr/lib64/libtevent.so.0(tevent_common_loop_wait+0x1b) [0x7f6dd8fc96bb]
   #39 /usr/lib64/samba/libsmbd-base-samba4.so(smbd_process+0xb23) [0x7f6ddc572578]
   #40 /usr/sbin/smbd(+0x87cc) [0x7f6ddd0837cc]
   #41 /usr/lib64/libsmbconf.so.0(run_events_poll+0x54f) [0x7f6dda786328]
   #42 /usr/lib64/libsmbconf.so.0(+0x3e5b7) [0x7f6dda7865b7]
   #43 /usr/lib64/libtevent.so.0(_tevent_loop_once+0x8d) [0x7f6dd8fc951d]
   #44 /usr/lib64/libtevent.so.0(tevent_common_loop_wait+0x1b) [0x7f6dd8fc96bb]
   #45 /usr/sbin/smbd(+0x9643) [0x7f6ddd084643]
   #46 /usr/sbin/smbd(main+0x1788) [0x7f6ddd085f82]
   #47 /lib64/libc.so.6(__libc_start_main+0xf0) [0x7f6dd8c20fc0]
   #48 /usr/sbin/smbd(+0x61d9) [0x7f6ddd0811d9]
[2016/04/22 04:31:04.639892,  0] ../source3/lib/dumpcore.c:318(dump_core)
  dumping core in /var/log/samba/cores/smbd
[2016/04/22 04:31:08.300063,  0] ../lib/util/fault.c:78(fault_report)
  ===============================================================
[2016/04/22 04:31:08.300143,  0] ../lib/util/fault.c:79(fault_report)
  INTERNAL ERROR: Signal 11 in pid 16498 (4.3.8)
  Please read the Trouble-Shooting section of the Samba HOWTO
[2016/04/22 04:31:08.300232,  0] ../lib/util/fault.c:81(fault_report)
  ===============================================================
[2016/04/22 04:31:08.300262,  0] ../source3/lib/util.c:789(smb_panic_s3)
  PANIC (pid 16498): internal error
[2016/04/22 04:31:08.301252,  0] ../source3/lib/util.c:900(log_stack_trace)
  BACKTRACE: 40 stack frames:
   #0 /usr/lib64/libsmbconf.so.0(log_stack_trace+0x1f) [0x7f6dda76a05f]
   #1 /usr/lib64/libsmbconf.so.0(smb_panic_s3+0x6f) [0x7f6dda769eaa]
   #2 /usr/lib64/libsamba-util.so.0(smb_panic+0x28) [0x7f6ddc9dea25]
   #3 /usr/lib64/libsamba-util.so.0(+0x146fd) [0x7f6ddc9de6fd]
   #4 /usr/lib64/libsamba-util.so.0(+0x14712) [0x7f6ddc9de712]
   #5 /lib64/libpthread.so.0(+0x364040f2a0) [0x7f6ddcc4a2a0]
   #6 /lib64/libc.so.6(strlen+0x2a) [0x7f6dd8c8b5ba]
   #7 /usr/lib64/libsmbconf.so.0(tcopy_passwd+0x6b) [0x7f6dda79fe7a]
   #8 /usr/lib64/libsamba-passdb.so.0(+0x26683) [0x7f6ddae1e683]
   #9 /usr/lib64/libsamba-passdb.so.0(+0x2838c) [0x7f6ddae2038c]
   #10 /usr/lib64/libsamba-passdb.so.0(pdb_getsampwnam+0x32) [0x7f6ddae4944a]
   #11 /usr/lib64/libsamba-passdb.so.0(lookup_global_sam_name+0xa8) [0x7f6ddae39da7]
   #12 /usr/lib64/libsamba-passdb.so.0(lookup_name+0xb39) [0x7f6ddae410bc]
   #13 /usr/lib64/samba/libsmbd-base-samba4.so(+0x1e6732) [0x7f6ddc5dc732]
   #14 /usr/lib64/samba/libsmbd-base-samba4.so(_samr_CreateUser2+0x194) [0x7f6ddc5dc9d1]
   #15 /usr/lib64/samba/libsmbd-base-samba4.so(+0x1fc222) [0x7f6ddc5f2222]
   #16 /usr/lib64/samba/libsmbd-base-samba4.so(+0x23adb8) [0x7f6ddc630db8]
   #17 /usr/lib64/samba/libsmbd-base-samba4.so(+0x23a93f) [0x7f6ddc63093f]
   #18 /usr/lib64/samba/libsmbd-base-samba4.so(+0x23b751) [0x7f6ddc631751]
   #19 /usr/lib64/samba/libsmbd-base-samba4.so(process_complete_pdu+0xe1) [0x7f6ddc631834]
   #20 /usr/lib64/samba/libsmbd-base-samba4.so(named_pipe_packet_process+0x198) [0x7f6ddc48289c]
   #21 /usr/lib64/libdcerpc-binding.so.0(+0x1ca3b) [0x7f6dd4139a3b]
   #22 /usr/lib64/samba/libsamba-sockets-samba4.so(+0xc169) [0x7f6dda335169]
   #23 /usr/lib64/samba/libsamba-sockets-samba4.so(+0xc393) [0x7f6dda335393]
   #24 /usr/lib64/samba/libsamba-sockets-samba4.so(+0xb6b9) [0x7f6dda3346b9]
   #25 /usr/lib64/libtevent.so.0(tevent_common_loop_immediate+0xd4) [0x7f6dd8fc9d54]
   #26 /usr/lib64/libsmbconf.so.0(run_events_poll+0x56) [0x7f6dda785e2f]
   #27 /usr/lib64/libsmbconf.so.0(+0x3e4a3) [0x7f6dda7864a3]
   #28 /usr/lib64/libtevent.so.0(_tevent_loop_once+0x8d) [0x7f6dd8fc951d]
   #29 /usr/lib64/libtevent.so.0(tevent_common_loop_wait+0x1b) [0x7f6dd8fc96bb]
   #30 /usr/lib64/samba/libsmbd-base-samba4.so(smbd_process+0xb23) [0x7f6ddc572578]
   #31 /usr/sbin/smbd(+0x87cc) [0x7f6ddd0837cc]
   #32 /usr/lib64/libsmbconf.so.0(run_events_poll+0x54f) [0x7f6dda786328]
   #33 /usr/lib64/libsmbconf.so.0(+0x3e5b7) [0x7f6dda7865b7]
   #34 /usr/lib64/libtevent.so.0(_tevent_loop_once+0x8d) [0x7f6dd8fc951d]
   #35 /usr/lib64/libtevent.so.0(tevent_common_loop_wait+0x1b) [0x7f6dd8fc96bb]
   #36 /usr/sbin/smbd(+0x9643) [0x7f6ddd084643]
   #37 /usr/sbin/smbd(main+0x1788) [0x7f6ddd085f82]
   #38 /lib64/libc.so.6(__libc_start_main+0xf0) [0x7f6dd8c20fc0]
   #39 /usr/sbin/smbd(+0x61d9) [0x7f6ddd0811d9]
[2016/04/22 04:31:08.301779,  0] ../source3/lib/dumpcore.c:318(dump_core)
  dumping core in /var/log/samba/cores/smbd
Comment 3 Zombie Ryushu 2017-11-27 06:03:53 MSK
Aged out. Will file a new bug should this resurface.