Re: Possible null pointer refrence in v3-0-test and v3-2-test - Samba


  1. Re: Possible null pointer refrence in v3-0-test and v3-2-test

    I first encountered the problem when using usershare configuration.

    When samba was running, I used net usershare add to add a share and then modified the acl of the share.

    Then I accessed the share from Windows XP, and null pointers appeared in talloc_strndup() and str_checksum(), which caused
    Windows XP to lose its connection to samba, i.e. the child smbd crashed.

    With the patch applied, Windows XP didn't lose connection any more.

    I didn't look closely at the process of loading user shares.

    But from the user experience, I think the patch is necessary.

    Thanks!

    best
    regards

    >>> Volker Lendecke 06/02/08 11:35 PM >>>

    On Mon, Jun 02, 2008 at 02:21:34AM -0600, Bo Yang wrote:
    > There is possible null pointer reference in
    > talloc_strndup() and str_checksum() function.
    >
    > Patch in the attachment, Please review it.
    >
    > Thanks!


    Patch looks correct, but -- is it necessary? I'd say that
    calling those functions with NULL deserves a crash.

    Volker


  2. Re: Possible null pointer refrence in v3-0-test and v3-2-test

    On Mon, Jun 02, 2008 at 10:04:35PM -0600, Bo Yang wrote:
    > I first encountered the problem when using usershare configuration.
    >
    > When samba was running, I used net usershare add to add a
    > share and then modified the acl of the share.
    >
    > Then I accessed the share from Windows XP, and null pointers
    > appeared in talloc_strndup() and str_checksum(), which
    > caused Windows XP to lose its connection to samba, i.e. the
    > child smbd crashed.
    >
    > With the patch applied, Windows XP didn't lose connection
    > any more.
    >
    > I didn't look closely at the process of loading user
    > shares.
    >
    > But from the user experience, I think the patch is
    > necessary.
    >
    > Thanks!


    Can you run the programs under valgrind and see which
    callers call the routines with NULL? We need to fix the
    callers.

    Thanks,

    Volker



  3. Re: Possible null pointer refrence in v3-0-test and v3-2-test

    2008/6/2 Bo Yang :
    > I first encountered the problem when using usershare configuration.
    >
    > When samba was running, I used net usershare add to add a share and then modified the acl of the share.
    >
    > Then I accessed the share from Windows XP, and null pointers appeared in talloc_strndup() and str_checksum(), which caused
    > Windows XP to lose its connection to samba, i.e. the child smbd crashed.
    >
    > With the patch applied, Windows XP didn't lose connection any more.
    >
    > I didn't look closely at the process of loading user shares.


    I've seen cases where it looks like the usershare loading code can
    return a bogusly large snum, which results in lp_foo(snum, ...)
    returning NULL. Bad things happen from there.

    I haven't reliably reproduced this or tracked it down ....

    --
    James Peach | jorgar@gmail.com
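
An added illustration, not part of any post in this thread and not Samba code, of the caller-side fix asked for above: an out-of-range snum is rejected where the accessor returns NULL, so the string function never sees it and the bad index is reported instead of being silently absorbed. All names (`demo_service_path`, `demo_checksum`, `demo_share_checksum`) and the service table are hypothetical stand-ins.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed service table; every name here is hypothetical, not Samba's. */
static const char *const demo_paths[] = { "/srv/public", "/srv/usershare1" };
#define DEMO_NUM_SERVICES ((int)(sizeof(demo_paths) / sizeof(demo_paths[0])))

/* Stand-in for a per-service accessor: returns NULL for an out-of-range snum. */
static const char *demo_service_path(int snum)
{
    if (snum < 0 || snum >= DEMO_NUM_SERVICES) {
        return NULL;
    }
    return demo_paths[snum];
}

/* Stand-in string checksum. Precondition: s != NULL (no internal guard). */
static unsigned int demo_checksum(const char *s)
{
    unsigned int sum = 0;
    for (size_t i = 0; s[i] != '\0'; i++) {
        sum ^= (unsigned int)(unsigned char)s[i] << (i % 24);
    }
    return sum;
}

/* Caller-side check: reject the bad snum where it is still identifiable. */
static int demo_share_checksum(int snum, unsigned int *out)
{
    const char *path = demo_service_path(snum);
    if (path == NULL) {
        fprintf(stderr, "bad snum %d (valid 0..%d)\n", snum, DEMO_NUM_SERVICES - 1);
        return -1;
    }
    *out = demo_checksum(path);
    return 0;
}

int main(void)
{
    unsigned int sum = 0;
    int bogus = 1000000; /* constructed "bogusly large" snum */
    if (demo_share_checksum(0, &sum) == 0) {
        printf("snum 0 checksum: %u\n", sum);
    }
    if (demo_share_checksum(bogus, &sum) != 0) {
        printf("snum %d rejected before any string function ran\n", bogus);
    }
    return 0;
}
```
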


  4. Re: Possible null pointer refrence in v3-0-test and v3-2-test

    On Tue, Jun 03, 2008 at 04:58:30PM -0700, James Peach wrote:
    >
    > I've seen cases where it looks like the usershare loading code can
    > return a bogusly large snum, which results in lp_foo(snum, ...)
    > returning NULL. Bad things happen from there.
    >
    > I haven't reliably reproduced this or tracked it down ....


    Bugger, that's my code :-(. Ok, you've got to do better
    than this in reporting :-).

    Jeremy.


  5. Re: Possible null pointer refrence in v3-0-test and v3-2-test

    2008/6/3 Jeremy Allison :
    > On Tue, Jun 03, 2008 at 04:58:30PM -0700, James Peach wrote:
    >>
    >> I've seen cases where it looks like the usershare loading code can
    >> return a bogusly large snum, which results in lp_foo(snum, ...)
    >> returning NULL. Bad things happen from there.
    >>
    >> I haven't reliably reproduced this or tracked it down ....

    >
    > Bugger, that's my code :-(.


    and mine .. I have a relatively large patch to the usershare feature.

    > Ok, you've got to do better than this in reporting :-).


    I spent all day in gdb with no symbols, which was the very definition
    of no fun. I can probably dig up a stack trace from my notes, but it's
    no more informative than the description above.

    --
    James Peach | jorgar@gmail.com


  6. Re: Possible null pointer refrence in v3-0-test and v3-2-test

    On Tue, Jun 03, 2008 at 10:19:47PM -0700, James Peach wrote:
    > 2008/6/3 Jeremy Allison :
    > > On Tue, Jun 03, 2008 at 04:58:30PM -0700, James Peach wrote:
    > >>
    > >> I've seen cases where it looks like the usershare loading code can
    > >> return a bogusly large snum, which results in lp_foo(snum, ...)
    > >> returning NULL. Bad things happen from there.
    > >>
    > >> I haven't reliably reproduced this or tracked it down ....

    > >
    > > Bugger, that's my code :-(.

    >
    > and mine .. I have a relatively large patch to the usershare feature.


    Is that in the samba.org code yet ?

    Jeremy.


  7. Re: Possible null pointer refrence in v3-0-test and v3-2-test

    On Wed, Jun 04, 2008 at 08:45:47AM -0700, Jeremy Allison wrote:
    > > and mine .. I have a relatively large patch to the usershare feature.

    >
    > Is that in the samba.org code yet ?


    I think we could solve this very quickly if we got a broken
    config or an example how to generate one. Bo (sorry for my
    ignorance, is this your first or last name? :-), you seem to
    have it around. Can you send it?

    Volker


