SV: SIGBUS Panic in smbd

Michael Stockman pgmtekn at algonet.se
Mon Jun 28 23:04:07 GMT 1999


Hello,

AFAIK (the passwd struct and the pointers in it are static memory) that would fix the SIGBUS, however it would open samba to completely unpredictable behaviour. Consider that when ret->pw_passwd = strdup() the static passwd struct is altered so that it points to a buffer of a most likely shorter size. A subsequent call to getpwnam where pw_passwd would be longer would cause it to write out of bounds. Even if all calls return the same length pw_passwd we'd still throw away memory on each call to _Get_Pwnam(). The ugliest hack that isn't completely unthinkable is to strcpy the string into pw_passwd (and that doesn't feel good while we don't know the size of the buffer)!

Disclaimer: this relates to how the code looks in the head branch, I don't know how that differs from 2.0.4b.

Best regards
  Michael Stockman
  pgmtekn-micke at algonet.se

> Ken Weaverling wrote:
> 
> > I've seen this myself. I just upgraded to 2.04b from 2.03 on a box that
> > serves thousands of users.  The panics started to occur.  This is
> > a debugger dump.
> >
> > This is from a DG/UX m88k system.
> > 
> > Please consider this a serious problem. SIGBUS isn't a nice thing!
> 
> Ok, I found a getpwnam() man page on the Web. As far as I
> can tell just removing the line containing the free() call
> should fix it correctly in 2.0.4b.
> 
> Comments anyone?
> 



