Samba problems (new release available)
Cliff Green
green at UMDNJ.EDU
Mon May 11 17:26:34 GMT 1998
--On Monday, May 11, 1998, 8:32 PM +1000 "Andrew Tridgell"
<tridge at samba.anu.edu.au> wrote:
> I have released a new version of Samba (version 1.9.18p6)
[munch]
>
> The fix I used was to write a slprintf() function that works much like
> snprintf() but always null terminates the string. This replaced
> sprintf in many places in the Samba source.
>
> slprintf() is implemented in terms of vsnprintf() if
> available. Otherwise is uses a memory area allocated with memalign
> with the last page of the memory area protected from writes using
> mprotect(). So on systems without vsnprintf() Samba will harmlessly
> segfault on a buffer overflow (this is not a DOS attack because each
> client gets their own copy of smbd)
HP's C (HPUX 10.20) doesn't have either vsnprintf or memalign. When
compiling, slprintf.c yields a warning about an int (from the undefined
memalign) being implicitly converted to a pointer (for buf) on line 48. The
real fun comes later, when linking smbd, and one gets an unsatisfied symbol
reference to memalign.
Changing line 48 from
buf = memalign(pagesize, len);
to
buf = valloc(pagesize);
seems to fix the problem; by that I mean the warning and fatal linker error
go away. However, not being an expert on memory allocation issues, I don't
know if this fixes it by breaking it. Any comments?
c
--
Cliff Green green at umdnj.edu
Academic Computing Service - UMDNJ
More information about the samba-technical
mailing list