found crash bug in libsmb/clientgen.c

Tim Potter Tim.Potter at anu.edu.au
Thu Jul 8 07:06:41 GMT 1999


I was trying to access a public samba share (i.e. no password required)
using smbclient and found the following crash bug.  Basically,
cli_calc_session_pwds() likes to modify its arguments but for a public
share they are passed as constants in cli_establish_connection().

Interestingly, I was testing an unrelated feature that worked on my
Linux or Solaris box, and only crashed on tridge's IRIX machine
samba.anu.edu.au - bizarre.

If someone could take a quick look at this to make sure I haven't
done anything silly I'll commit it right away.


Tim.

Index: clientgen.c
===================================================================
RCS file: /data/cvs/samba/source/libsmb/clientgen.c,v
retrieving revision 1.107
diff -u -c -r1.107 clientgen.c
cvs server: conflicting specifications of output style
*** clientgen.c	1999/06/29 19:39:23	1.107
--- clientgen.c	1999/07/08 07:01:52
***************
*** 2760,2773 ****
  
  	if (cli->pwd.cleartext || cli->pwd.null_pwd)
  	{
! 		fstring passwd;
! 		int pass_len;
  
  		if (cli->pwd.null_pwd)
  		{
  			/* attempt null session */
! 			passwd[0] = 0;
! 			pass_len = 1;
  		}
  		else
  		{
--- 2760,2773 ----
  
  	if (cli->pwd.cleartext || cli->pwd.null_pwd)
  	{
! 		fstring passwd, ntpasswd;
! 		int pass_len, ntpass_len;
  
  		if (cli->pwd.null_pwd)
  		{
  			/* attempt null session */
! 			passwd[0] = ntpasswd[0] = 0;
! 			pass_len = ntpass_len = 1;
  		}
  		else
  		{
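
Review bot: ntpasswd and ntpass_len are assigned only inside the null_pwd branch of this hunk, and the else branch that follows (old lines 2774-2778) is not touched by the patch, so it cannot set variables that did not exist before. On the cleartext path both are therefore uninitialised when they reach the cli_session_setup() call changed in the next hunk. Initialise them at the declaration or assign them in the else branch, for example ntpasswd[0] = 0; ntpass_len = 0; if the cleartext case should keep sending no NT password as the old NULL, 0 did.
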
***************
*** 2779,2785 ****
  		/* attempt clear-text session */
  		if (!cli_session_setup(cli, cli->user_name,
  	                       passwd, pass_len,
! 	                       NULL, 0,
  	                       cli->domain))
  		{
  			DEBUG(1,("failed session setup\n"));
--- 2779,2785 ----
  		/* attempt clear-text session */
  		if (!cli_session_setup(cli, cli->user_name,
  	                       passwd, pass_len,
! 	                       ntpasswd, ntpass_len,
  	                       cli->domain))
  		{
  			DEBUG(1,("failed session setup\n"));
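
Review bot: replacing NULL, 0 with ntpasswd, ntpass_len in the cli_session_setup() call changes the arguments for both branches of the enclosing if, not only the null-session case that crashed. The cleartext path previously passed an NT password length of 0; confirm whether it still should, and keep that length for it if so. A short comment above the call noting that the password arguments must be writable buffers, since the description says cli_calc_session_pwds() modifies its arguments, would keep someone from reverting this to a constant later.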

-- 
Tim Potter, System Admin/Programmer              "Disco Stu doesn't advertise"
Advanced Computational Systems CRC, RSISE Bldg Australian National University,
Canberra 0200, AUSTRALIA Ph: +61 2 62798813 Fax: +61 2 62798602

