nmbd internal error (PR#22576)

Esh, Andrew AEsh at tricord.com
Fri Mar 1 09:15:03 GMT 2002


The gdb dump shows the last identifiable line executed before the segfault
in write_browse list is line 372:

	#4  0x807b48d in sig_fault (sig=11) at lib/fault.c:63
	#5  0xbfbfffb4 in ?? ()
	#6  0x8059b3b in write_browse_list (t=0, force_write=1)
	    at nmbd/nmbd_serverlistdb.c:372

That line does a lookup on the workgroup:

  	if((work = find_workgroup_on_subnet(FIRST_SUBNET,
global_myworkgroup)) == NULL)

I think the problem is either that there is no workgroup defined in
smb.conf:

	# Global parameters
	[global]
		client code page = 437
		netbios name = FREEBSD
		server string = 
		encrypt passwords = Yes
		log file = /var/log/log.%m
		max log size = 50
		dns proxy = No
		panic action = /usr/bin/gdb /usr/local/sbin/nmbd -c
/nmbd.core -x /root/nmbd.gdb
		create mask = 0644
		dos filetime resolution = Yes

	[homes]

That should not be a problem, since global_myworkgroup should default to
"WORKGROUP", but the variable might be getting zeroed somehow.

The other explanation is, something is wrong with FIRST_SUBNET, which is
also a pointer. Notice that find_workgroup_on_subnet uses both its arguments
without testing them:

	struct work_record *find_workgroup_on_subnet(struct subnet_record
*subrec, 
	                                             const char *name)
	{
	  struct work_record *ret;
  
	  DEBUG(4, ("find_workgroup_on_subnet: workgroup search for %s on
subnet %s: ",
      	      name, subrec->subnet_name));
  
	  for (ret = subrec->workgrouplist; ret; ret = ret->next)
	  {
	    if (!strcmp(ret->work_group,name))

The best way to find this would be to attach gdb to the running nmbd, and
then reproduce the problem. The will stop on the line of code which produces
the SIGSEGV (signal 11). Either that or change the first line of
find_workgroup_on_subnet so it prints out the value of subrec before trying
to use it. I am betting it (or name) will be null.

The question is: Why is it NULL?

Here's a patch against SAMBA_2_2 to add some defense to
find_workgroup_on_subnet. It doesn't fix the root problem, but it prevents
the SIGSEGV:

Index: nmbd_workgroupdb.c
===================================================================
RCS file: /cvsroot/samba/source/nmbd/nmbd_workgroupdb.c,v
retrieving revision 1.13.4.3
diff -c -r1.13.4.3 nmbd_workgroupdb.c
*** nmbd_workgroupdb.c	28 Feb 2002 01:52:15 -0000	1.13.4.3
--- nmbd_workgroupdb.c	1 Mar 2002 15:40:14 -0000
***************
*** 157,162 ****
--- 157,165 ----
  {
    struct work_record *ret;
    
+   if (!subrec || !name)
+     return NULL;
+ 
    DEBUG(4, ("find_workgroup_on_subnet: workgroup search for %s on subnet
%s: ",
              name, subrec->subnet_name));
    
NOTE: There are other functions in the same file that could benefit from the
same tests. This isn't the best fix, though. If there is an assumption that
those pointers are always set, then we problem is with whatever is faulting
that assumption.


-----Original Message-----
From: Galen Sampson [mailto:galen_sampson at yahoo.com]
Sent: Thursday, February 28, 2002 7:41 PM
To: samba-technical at samba.org
Subject: nmbd internal error (PR#22576)


Hello,

I recently had a couple of issues with nmbd and was asked to share them with
this list.  I attempted to attach a core file and send it as an attachment
to
this list but the message was too large.  As a result I will just send some
output I have gathered with gdb and show the world my configuration files. 
This text file was generated in unix and as such has no carraige returns.
The
standard windows word pad seems to handel it well for people whe need to
view
it in that environment.

If there are any questions I still have my core file and debug binary.
Please
email me directly with any of these questions since I am not a member of the
samba mailing lists.  Hope this helps.

Galen Sampson

__________________________________________________
Do You Yahoo!?
Yahoo! Greetings - Send FREE e-cards for every occasion!
http://greetings.yahoo.com
-------------- next part --------------
HTML attachment scrubbed and removed


More information about the samba-technical mailing list