smbd core dump on usrmgr.exe: bt

Esh, Andrew Andrew_Esh at adaptec.com
Fri May 16 13:50:07 GMT 2003


It looks to me as though the number of groups returned from "getgroups_user"
was zero. I don't know if that's a legal response, or not. How can a Unix
user not be a member of any groups? I don't think it is a valid response, so
I included this first patch to make it return -1 if there were zero groups
found. The second part of the patch simply defends against the crash (the
backtrace shows SIGABRT raised from inside free(), which points at a double
free rather than a segfault), however it might occur. It appears that this has
already been applied.

Index: lib/util_smbd.c
===================================================================
RCS file: /cvsroot/samba/source/lib/util_smbd.c,v
retrieving revision 1.1.2.1
diff -u -r1.1.2.1 util_smbd.c
--- lib/util_smbd.c	17 Aug 2002 17:00:46 -0000	1.1.2.1
+++ lib/util_smbd.c	16 May 2003 13:40:03 -0000
@@ -57,7 +57,7 @@
 	if (ngrp <= 0) {
 		passwd_free(&pwd);
 		free(*groups);
-		return ngrp;
+		return -1;
 	}
 
 	passwd_free(&pwd);
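Review bot: The error path two lines above the changed return frees `*groups` but leaves the caller's pointer dangling, so any caller that frees its buffer on every path — as get_alias_user_groups does in the second hunk — frees it a second time, which is consistent with the abort raised from inside free() in the quoted backtrace. Add `*groups = NULL;` directly after `free(*groups);` so the caller's free becomes a no-op regardless of how it guards it. Returning `-1` for `ngrp == 0` also folds a legitimately empty group list into the failure case; if zero is to be rejected on purpose, a comment such as `/* every Unix user has a primary group; treat 0 as failure */` would save the next reader the same question the patch author had. The enclosing function begins and ends outside the hunk.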
Index: rpc_server/srv_util.c
===================================================================
RCS file: /cvsroot/samba/source/rpc_server/srv_util.c,v
retrieving revision 1.65.2.7
diff -u -r1.65.2.7 srv_util.c
--- rpc_server/srv_util.c	12 May 2003 18:12:28 -0000	1.65.2.7
+++ rpc_server/srv_util.c	16 May 2003 13:40:04 -0000
@@ -194,7 +194,8 @@
 		break;
 	}
 
-	free(groups);
+	if (num_groups > 0)
+	  free(groups);
 
 	/* now check for the user's gid (the primary group rid) */
 	for (i=0; i<cur_rid && grid!=rids[i]; i++)
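Review bot: The added `num_groups > 0` guard around `free(groups)` only avoids the double free indirectly: `free(NULL)` is already a no-op, so the guard matters solely when `groups` still holds a pointer the callee has already released, and it relies on `num_groups` being a signed value that carries the callee's error return, which is not visible in this hunk. A more robust form lets the pointer itself express ownership — set `groups = NULL;` on the error path (or have getgroups_user null `*groups` when it frees it) and keep the unconditional `free(groups);`. As a style point, the inserted line is indented with spaces while the surrounding code uses tabs, and the unbraced single-statement body invites the usual dangling-edit mistake. The enclosing function starts and ends outside the hunk.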


-----Original Message-----
From: Alex Deiter [mailto:tiamat at komi.mts.ru]
Sent: Friday, May 16, 2003 2:54 AM
To: samba-technical at lists.samba.org
Subject: smbd core dump on usrmgr.exe: bt


I get a core dump when attempting to open a user's properties in usrmgr.exe
(samba 3.0alpha24):

Core was generated by `smbd'.
Program terminated with signal 6, Aborted.
...
(gdb) bt
#0  0x2859f393 in kill () from /usr/lib/libc.so.5
#1  0x2860a16c in abort () from /usr/lib/libc.so.5
#2  0x286089fe in tcflow () from /usr/lib/libc.so.5
#3  0x28608a2b in tcflow () from /usr/lib/libc.so.5
#4  0x28609e2f in realloc () from /usr/lib/libc.so.5
#5  0x286094b0 in tcflow () from /usr/lib/libc.so.5
#6  0x286096a8 in free () from /usr/lib/libc.so.5
#7  0x08144871 in get_alias_user_groups (ctx=0x8324ac0, sid=0x8301d00,
numgroups=0xbfbff36c, prids=0xbfbff360,
    q_sid=0x8337a04) at rpc_server/srv_util.c:197
#8  0x0813ab8a in _samr_query_useraliases (p=0x833f000, q_u=0xbfbff3c0,
r_u=0xbfbff3a0)
    at rpc_server/srv_samr_nt.c:3102
#9  0x08130f2a in api_samr_query_useraliases (p=0x833f000) at
rpc_server/srv_samr.c:860
#10 0x08149a8f in api_rpcTNP (p=0x833f000, rpc_name=0x8324960 "samr",
api_rpc_cmds=0x8338400, n_cmds=48)
    at rpc_server/srv_pipe.c:1485
#11 0x08149672 in api_pipe_request (p=0x833f000) at
rpc_server/srv_pipe.c:1413
#12 0x08142da3 in process_request_pdu (p=0x833f000, rpc_in_p=0xbfbff5e0) at
rpc_server/srv_pipe_hnd.c:669
#13 0x08143015 in process_complete_pdu (p=0x833f000) at
rpc_server/srv_pipe_hnd.c:741
#14 0x08143340 in process_incoming_data (p=0x833f000, data=0x8301e10 "h",
n=112)
    at rpc_server/srv_pipe_hnd.c:837
#15 0x08143548 in write_to_internal_pipe (np_conn=0x833f000, data=0x8301e10
"h", n=128)
    at rpc_server/srv_pipe_hnd.c:876
#16 0x081434bd in write_to_pipe (p=0x833e000, data=0x8301e00 "\005", n=128)
at rpc_server/srv_pipe_hnd.c:859
#17 0x08086743 in api_fd_reply (conn=0x833c800, vuid=100, outbuf=0x8368000
"", setup=0x8324890,
    data=0x8301e00 "\005", params=0x0, suwcnt=2, tdscnt=128, tpscnt=0,
mdrcnt=1024, mprcnt=0) at smbd/ipc.c:298
#18 0x08086992 in named_pipe (conn=0x833c800, vuid=100, outbuf=0x8368000 "",
name=0xbfbff7e6 "",
    setup=0x8324890, data=0x8301e00 "\005", params=0x0, suwcnt=2,
tdscnt=128, tpscnt=0, msrcnt=0, mdrcnt=1024,
    mprcnt=0) at smbd/ipc.c:342
#19 0x08087629 in reply_trans (conn=0x833c800, inbuf=0x8347000 "",
outbuf=0x8368000 "", size=216,
    bufsize=131072) at smbd/ipc.c:532
#20 0x080c6bc9 in switch_message (type=37, inbuf=0x8347000 "",
outbuf=0x8368000 "", size=216, bufsize=131072)
    at smbd/process.c:758
#21 0x080c6c82 in construct_reply (inbuf=0x8347000 "", outbuf=0x8368000 "",
size=216, bufsize=131072)
    at smbd/process.c:788
#22 0x080c6ff2 in process_smb (inbuf=0x8347000 "", outbuf=0x8368000 "") at
smbd/process.c:889
#23 0x080c7cea in smbd_process () at smbd/process.c:1315
#24 0x08228c22 in main (argc=2, argv=0xbfbffb40) at smbd/server.c:886
#25 0x0806fef5 in _start ()

Thanks!


