nmbd INTERNAL ERROR in 2.2.0

Jeremy Allison jeremy at valinux.com
Tue May 1 16:05:53 GMT 2001


On Tue, May 01, 2001 at 05:54:42PM +0200, Ard van Breemen wrote:

> This patch fixes a long lingering bug in debug_browse_data, which will
> probably *never* make nmbd crash.

Yes, I realised that after posting the patch.

> The problem is bigger:
> Changing the source/nmbd/nmbd_packets.c:process_dgram() DEBUG output into:
> DEBUG(4,("process_dgram: datagram from %s to %s IP %s for %s of type %d len=%d and dgramdatasize=%d and dgm_length=%d\n",
>      nmb_namestr(&dgram->source_name),nmb_namestr(&dgram->dest_name),
>      inet_ntoa(p->ip), smb_buf(buf),CVAL(buf2,0),len,dgram->datasize,dgram->header.dgm_length));
> 
> got me this:
> [2001/05/01 17:20:34, 4] nmbd/nmbd_workgroupdb.c:find_workgroup_on_subnet(164)
>   foind_workgroup_on_subnet: workgroup search for TEM on subnet UNICAST_SUBNET: found.
> [2001/05/01 17:20:34, 4] nmbd/nmbd_packets.c:process_dgram(1270)
>   process_dgram: datagram from MAC2<20> to TEM<1d> IP 192.168.1.21 for \MAILSLOT\BROWSE of type 1 len=30044 and dgramdatasize=130 and dgm_length=198
> [2001/05/01 17:20:34, 4] nmbd/nmbd_packets.c:debug_browse_data(103)
>   debug_browse_data(0x80e0890,198):
> 
> Yes, the data part says the size is 30k, but the datagram parts both
> say the size <200 bytes.  Hence debug_browse_data SEGV's.
> 
> The bugs are obvious:
> 1) DAVE 2.5.2 is generating incorrect size headers
> 2) Samba happily believes what the client says is true, there is no
> client data sanity checking.

Yep - we fixed this in the 2.2 CVS trees already, it'll
be fixed in the 2.2.1 release.

Thanks,

		Jeremy Allison,
		Samba Team.

-- 
--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------
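
The missing sanity check discussed in this thread, as an added example that is not part of the original messages and is not Samba's code: a length field read from inside the packet is accepted only if it fits in the bytes actually received. The function names, the payload offsets and the buffer contents are assumptions made for illustration; the sizes 130 and 30044 are the ones in the quoted log.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper (not a Samba function): accept a length field taken
 * from inside the packet only if it fits in the bytes actually received.
 * Returns 0 and sets *usable on success, -1 if the claim overruns. */
static int check_declared_len(size_t datasize, size_t payload_off,
                              size_t declared_len, size_t *usable)
{
    if (payload_off > datasize)
        return -1;                      /* offset already past the data */
    if (declared_len > datasize - payload_off)
        return -1;                      /* client claims more than it sent */
    *usable = declared_len;
    return 0;
}

/* Hypothetical bounded hex dump for debug output. Returns the number of
 * payload bytes written as hex, or -1 when the declared length is rejected. */
static int dump_payload(const unsigned char *data, size_t datasize,
                        size_t payload_off, size_t declared_len,
                        char *out, size_t outsz)
{
    size_t n, i, w = 0;

    if (outsz > 0)
        out[0] = '\0';
    if (check_declared_len(datasize, payload_off, declared_len, &n) != 0)
        return -1;
    for (i = 0; i < n && w + 3 <= outsz; i++)
        w += (size_t)snprintf(out + w, outsz - w, "%02x", data[payload_off + i]);
    return (int)i;
}

int main(void)
{
    unsigned char dgram[130] = {0};     /* constructed: 130 bytes received */
    char hex[64];

    /* Sizes from the log above: 130 bytes of data, header claims 30044. */
    printf("claimed 30044: %d\n",
           dump_payload(dgram, sizeof dgram, 0, 30044, hex, sizeof hex));
    /* A claim that fits (constructed offset and length) is dumped. */
    printf("claimed 8:     %d (%s)\n",
           dump_payload(dgram, sizeof dgram, 92, 8, hex, sizeof hex), hex);
    return 0;
}
```

Writing the comparison as `declared_len > datasize - payload_off`, after the offset has been checked, avoids the unsigned wrap-around that `payload_off + declared_len > datasize` could hit with a hostile length.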



