severity 294821 important thanks On Fri, Feb 11, 2005 at 08:48:13PM +0100, Stefan Kanthak wrote: > Package: samba-common > Version: 2.2.3a-14.1 > Severity: critical > Justification: breaks the whole system
> The share \\SERVER\SHARE is setup for guest access without passwd. > smbclient '\\SERVER\SHARE' -U% -N connects successfully; upon exit of > smbclient the smbd starts writing the following two lines to its log > until the filesystem runs out of space. > [2005/02/11 20:21:30, 0] lib/util_str.c:string_sub(1221) > ERROR: string overflow by 2 in string_sub(%a, 172) > I can reproduce the error with both smbd/smbclient from 2.2.3a-14.1 as > well as the ones from the 2.2.11-0.1 package provided by the Samba team. > I can even reproduce this error on smbd 2.2.12 running on non-Debian > systems (SINIX-Z 5.42C on i386 and ReliantUnix 5.45C on MIPS R10000). > The error does NOT show when using the smbclient 2.2.12 from said > SINIX and ReliantUnix against the Debian or another machine. Please forward us a copy of your smb.conf file. It appears that some substitution in your configuration is causing a string overflow, but as the possible values for %a as documented are all reasonably short, this would seem to require an exceptional configuration to trigger it. As such, I am downgrading this bug, since you are the first person I've ever heard of even using %a in a config. The straightforward workaround is probably to reduce the use of substitutions in your smb.conf. Also, the line number in your log above does not match the source code to 2.2.3a-14.1. Which Samba server does this come from? -- Steve Langasek postmodern programmer
signature.asc
Description: Digital signature