[Bug 1094438] Re: Samba crashes invalid pointer: 0x00007f0bc3de7590

2015-01-14 Thread danb1974
I tracked my crash to what appears to be missing structure
initialization, resulting in invalid pointers being free()d

Added two initializations, seems to fix the problem. Not being familiar
with samba, please confirm if I'm doing the right thing.


** Patch added: "samba-3.6.3-missing-gss-buffer-desc-init.patch"
   
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1094438/+attachment/4298408/+files/samba-3.6.3-missing-gss-buffer-desc-init.patch

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/1094438

Title:
  Samba crashes invalid pointer: 0x7f0bc3de7590

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1094438/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
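
The failure mode described in this message (a buffer descriptor released on a cleanup path before anything initialized it) can be reproduced deterministically. This is an added example, not code from Samba, MIT Kerberos or the attached patch: `buf_desc`, `buf_alloc`, `buf_release`, `fetch_blob` and `get_blob` are hypothetical stand-ins, and `buf_release` is a simplified model of `gss_release_buffer()` that reports an unknown pointer instead of aborting.

```c
#include <stdlib.h>
#include <string.h>

/* Stand-in for gss_buffer_desc (length + value); not the real GSS-API type. */
typedef struct { size_t length; void *value; } buf_desc;
#define EMPTY_BUFFER { 0, NULL }   /* same shape as GSS_C_EMPTY_BUFFER */

static void *live[8];              /* pointers handed out by buf_alloc() */

static void *buf_alloc(size_t n) {
    void *p = malloc(n);
    for (int i = 0; p && i < 8; i++)
        if (!live[i]) { live[i] = p; return p; }
    free(p);                       /* table full (or p == NULL) */
    return NULL;
}

/* Simplified model of the release call in the trace: a non-NULL value
 * is handed to free(). Returns 0 on success, -1 where glibc would abort
 * with "free(): invalid pointer" (pointer never came from buf_alloc). */
static int buf_release(buf_desc *b) {
    if (b->value != NULL) {
        int i = 0;
        while (i < 8 && live[i] != b->value) i++;
        if (i == 8) return -1;
        free(live[i]);
        live[i] = NULL;
    }
    b->length = 0;
    b->value = NULL;
    return 0;
}

/* Hypothetical query that can fail before it writes to *out. */
static int fetch_blob(int fail, buf_desc *out) {
    if (fail) return -1;
    out->value = buf_alloc(16);
    if (!out->value) return -1;
    out->length = 16;
    return 0;
}

/* init_first = 0 models a caller that never initializes the descriptor;
 * stack garbage is simulated with a 0xA5 fill so the run is repeatable.
 * init_first = 1 models a caller that starts from an empty descriptor. */
int get_blob(int fail, int init_first) {
    buf_desc blob = EMPTY_BUFFER;
    if (!init_first) memset(&blob, 0xA5, sizeof blob);
    (void)fetch_blob(fail, &blob);
    return buf_release(&blob);     /* cleanup runs on every path */
}
```

Only the combination of a failed query and an uninitialized descriptor reaches the invalid free, which matches a crash that shows up on one request type while other traffic works.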


[Bug 1094438] Re: Samba crashes invalid pointer: 0x00007f0bc3de7590

2015-01-06 Thread danb1974
In my case the crash only happens on remote registry access, file
sharing works. Mine is joined to a Windows 2012 AD.



[Bug 1094438] Re: Samba crashes invalid pointer: 0x00007f0bc3de7590

2015-01-06 Thread danb1974
I seem to have hit the same bug, invalid pointer free()d by
gssalloc_free() called by gss_release_buffer()

Happens when a program installed on the DC connects to this linux
requesting some registry keys (not knowing this is not a windows
machine)

Here is a stack trace with full symbols

Core was generated by `smbd -F'.
Program terminated with signal 6, Aborted.
#0  0x7f4458a000d5 in __GI_raise (sig=) at 
../nptl/sysdeps/unix/sysv/linux/raise.c:64
64  ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0  0x7f4458a000d5 in __GI_raise (sig=) at 
../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x7f4458a0383b in __GI_abort () at abort.c:91
#2  0x7f445be50eeb in dump_core () at lib/fault.c:391
#3  0x7f445be5f5d1 in smb_panic (why=) at lib/util.c:1133
#4  0x7f445be50838 in fault_report (sig=6) at lib/fault.c:53
#5  sig_fault (sig=6) at lib/fault.c:76
#6  
#7  0x7f4458a000d5 in __GI_raise (sig=) at 
../nptl/sysdeps/unix/sysv/linux/raise.c:64
#8  0x7f4458a0383b in __GI_abort () at abort.c:91
#9  0x7f4458a3e04e in __libc_message (do_abort=2, fmt=0x7f4458b485e0 "*** 
glibc detected *** %s: %s: 0x%s ***\n") at 
../sysdeps/unix/sysv/linux/libc_fatal.c:201
#10 0x7f4458a48846 in malloc_printerr (action=3, str=0x7f4458b44ee9 
"free(): invalid pointer", ptr=) at malloc.c:5047
#11 0x7f445b19db78 in gssalloc_free (value=) at 
../../../include/gssapi/gssapi_alloc.h:22
#12 gss_release_buffer (minor_status=, buffer=0x7ef4b840) at 
../../../../src/lib/gssapi/mechglue/g_rel_buffer.c:52
#13 0x7f445beccca2 in gse_get_pac_blob (gse_ctx=, 
mem_ctx=0x7f445e2dce70, pac_blob=) at librpc/crypto/gse.c:731
#14 0x7f445bd63a8b in gssapi_server_get_user_info (gse_ctx=0x7f445e2d8020, 
mem_ctx=0x7f445e2d7380, client_id=0x7f445e2bd5e8, server_info=0x7f445e2d73a8) 
at rpc_server/dcesrv_gssapi.c:127
#15 0x7f445bd57f5d in pipe_gssapi_verify_final (mem_ctx=0x7f445e2d7380, 
gse_ctx=0x7f445e2d8020, client_id=0x7f445e2bd5e8, session_info=0x7f445e2d73a8) 
at rpc_server/srv_pipe.c:734
#16 0x7f445bd5994a in pipe_auth_verify_final (p=0x7f445e2d7380) at 
rpc_server/srv_pipe.c:814
#17 0x7f445bd5bb3b in api_pipe_alter_context (pkt=0x7f445e2d3200, 
p=0x7f445e2d7380) at rpc_server/srv_pipe.c:1403
#18 process_complete_pdu (p=0x7f445e2d7380) at rpc_server/srv_pipe.c:1955
#19 0x7f445bd5c22b in process_incoming_data (p=0x7f445e2d7380, 
data=0x7f445e2e4cb4 "\270\020\270\020", n=) at 
rpc_server/srv_pipe_hnd.c:218
#20 0x7f445bd5c90e in write_to_internal_pipe (n=216, data=0x7f445e2e4cb4 
"\270\020\270\020", p=0x7f445e2d7380) at rpc_server/srv_pipe_hnd.c:244
#21 np_write_send (mem_ctx=, ev=0x7f445e2bd520, 
handle=, data=, len=216) at 
rpc_server/srv_pipe_hnd.c:538
#22 0x7f445bb71177 in reply_pipe_write_and_X (req=0x7f445e2e4dd0) at 
smbd/pipes.c:322
#23 0x7f445bb7ab18 in reply_write_and_X (req=0x7f445e2e4dd0) at 
smbd/reply.c:4529
#24 0x7f445bbbd9c4 in switch_message (type=47 '/', req=0x7f445e2e4dd0, 
size=284) at smbd/process.c:1574
#25 0x7f445bbbdddb in construct_reply (deferred_pcd=0x0, encrypted=false, 
seqnum=, unread_bytes=0, size=284, inbuf=0x0, 
sconn=0x7f445e2bd5e0) at smbd/process.c:1610
#26 process_smb (sconn=0x7f445e2bd5e0, inbuf=, nread=284, 
unread_bytes=0, seqnum=, encrypted=false, deferred_pcd=0x0) at 
smbd/process.c:1688
#27 0x7f445bbbe1f3 in smbd_server_connection_read_handler 
(conn=0x7f445e2bd5e0, fd=24) at smbd/process.c:2317
#28 0x7f445be6f27e in run_events_poll (num_pfds=2, pfds=0x7f445e2ce2e0, 
pollrtn=, ev=0x7f445e2bd520) at lib/events.c:286
#29 run_events_poll (ev=0x7f445e2bd520, pollrtn=, 
pfds=0x7f445e2ce2e0, num_pfds=2) at lib/events.c:184
#30 0x7f445bbbf962 in smbd_server_connection_loop_once 
(conn=0x7f445e2bd5e0) at smbd/process.c:1017
#31 smbd_process (sconn=0x7f445e2bd5e0) at smbd/process.c:3158
#32 0x7f445c0cd21f in smbd_accept_connection (ev=, 
fde=, flags=, private_data=) at 
smbd/server.c:511
#33 0x7f445be6f27e in run_events_poll (num_pfds=5, pfds=0x7f445e2d67c0, 
pollrtn=, ev=0x7f445e2bd520) at lib/events.c:286
#34 run_events_poll (ev=0x7f445e2bd520, pollrtn=, 
pfds=0x7f445e2d67c0, num_pfds=5) at lib/events.c:184
#35 0x7f445be6f41a in s3_event_loop_once (ev=0x7f445e2bd520, 
location=) at lib/events.c:349
#36 0x7f445be6ffa0 in _tevent_loop_once (ev=0x7f445e2bd520, 
location=0x7f445c2d1f37 "smbd/server.c:844") at ../lib/tevent/tevent.c:494
#37 0x7f445bb3e060 in smbd_parent_loop (parent=) at 
smbd/server.c:844
#38 main (argc=, argv=) at smbd/server.c:1326
