Possible crash in winbind daemon
kawasa_r at itg.hitachi.co.jp
Thu May 6 10:55:31 GMT 2004
Winbindd gets SIGILL and terminates abnormally when communication with the domain controller
fails with "Connection reset by peer".
In cli_session_setup_ntlmssp(), blob.free() (a pointer to a function) is executed.
Since blob.free() is a member of the uninitialized DATA_BLOB struct blob, smbd tried to
jump to an indeterminate address.
In case of a failure in communicating with the domain controller, this struct member is
referenced without any initialization.
We made the following patch, which initializes the struct in its declaration.
Index: samba-302/source/libsmb/cliconnect.c
===================================================================
RCS file: /cvs/samba-302/source/libsmb/cliconnect.c,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- samba-302/source/libsmb/cliconnect.c 15 Mar 2004 05:39:43 -0000 1.2
+++ samba-302/source/libsmb/cliconnect.c 25 Mar 2004 09:04:23 -0000 1.3
@@ -554,7 +554,7 @@
NTSTATUS nt_status;
int turn = 1;
DATA_BLOB msg1;
- DATA_BLOB blob;
+ DATA_BLOB blob = data_blob(NULL, 0);
DATA_BLOB blob_in = data_blob(NULL, 0);
DATA_BLOB blob_out;
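Review bot: the same hazard remains for the other declarations visible in this hunk. `DATA_BLOB msg1;` and `DATA_BLOB blob_out;` are still left uninitialized, so any error exit that reaches `data_blob_free()` on one of them before it has been assigned will jump through the same kind of garbage `free` pointer that this change fixes for `blob`. Suggest giving them the same treatment, e.g. `DATA_BLOB blob_out = data_blob(NULL, 0);`, or confirming that every early return in cli_session_setup_ntlmssp() assigns them first. A one-line comment on the initialized declarations saying why they must not be left uninitialized would also stop the pattern from being "cleaned up" later.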
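To make the failure mode concrete, here is a small C model of the control flow described above, added as an illustration; it is not part of the original message and not Samba's code. The DATA_BLOB stand-in, data_blob(), data_blob_free(), the transport callbacks and session_setup_model() are all constructed here to mirror the shape of the real routines: data_blob_free() jumps through the struct's free pointer when it is non-NULL, so a blob declared without an initializer carries whatever was on the stack there and the early exit on a transport error calls it. Initializing every blob at declaration makes that error path a safe no-op.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Cut-down stand-in for Samba's DATA_BLOB (constructed for this example). */
typedef struct data_blob {
    unsigned char *data;
    size_t length;
    void (*free)(struct data_blob *blob);  /* NULL, or a valid release routine */
} DATA_BLOB;

static void free_blob_data(DATA_BLOB *blob)
{
    free(blob->data);
    blob->data = NULL;
}

/* Model of data_blob(): an empty blob gets data == NULL and free == NULL,
 * which is exactly why handing it to data_blob_free() later is harmless. */
static DATA_BLOB data_blob(const void *p, size_t length)
{
    DATA_BLOB b;
    b.data = NULL;
    b.length = length;
    b.free = NULL;
    if (length > 0) {
        b.data = malloc(length);
        if (p != NULL) memcpy(b.data, p, length);
        else memset(b.data, 0, length);
        b.free = free_blob_data;
    }
    return b;
}

/* Model of data_blob_free(): jumps through blob->free when it is non-NULL.
 * On an uninitialised DATA_BLOB that pointer is stack garbage, which is the
 * SIGILL the report describes. */
static void data_blob_free(DATA_BLOB *blob)
{
    if (blob->free != NULL) blob->free(blob);
    blob->length = 0;
}

/* Transport callback: returns 0 and fills *in on success, -1 on a reset. */
typedef int (*transport_fn)(const DATA_BLOB *out, DATA_BLOB *in);

static int transport_ok(const DATA_BLOB *out, DATA_BLOB *in)
{
    static const unsigned char reply[] = { 'N', 'T', 'L', 'M' };  /* constructed reply */
    (void)out;
    *in = data_blob(reply, sizeof reply);
    return 0;
}

static int transport_reset(const DATA_BLOB *out, DATA_BLOB *in)
{
    (void)out;
    (void)in;
    return -1;  /* stands in for "Connection reset by peer" */
}

/* Model of the session-setup routine's control flow. Returns the number of
 * reply bytes on success and -1 when the transport fails. Every blob is
 * initialised at declaration, so the early exit can free them all safely. */
static int session_setup_model(transport_fn send)
{
    DATA_BLOB blob = data_blob(NULL, 0);      /* was: DATA_BLOB blob;  (the bug) */
    DATA_BLOB blob_in = data_blob(NULL, 0);
    DATA_BLOB blob_out = data_blob(NULL, 0);  /* same precaution for the sibling */
    int received;

    if (send(&blob_out, &blob_in) != 0) {
        /* Error path: reached before blob was ever assigned a value. */
        data_blob_free(&blob);
        data_blob_free(&blob_in);
        data_blob_free(&blob_out);
        return -1;
    }

    blob = data_blob(blob_in.data, blob_in.length);
    received = (int)blob.length;

    data_blob_free(&blob);
    data_blob_free(&blob_in);
    data_blob_free(&blob_out);
    return received;
}

int main(void)
{
    printf("healthy transport: %d reply bytes\n", session_setup_model(transport_ok));
    printf("reset transport:   %d\n", session_setup_model(transport_reset));
    return 0;
}
```

Running the model with the failing transport exercises exactly the path the crash took: three data_blob_free() calls on blobs that were never filled in. Because each one starts life with free == NULL, the calls are no-ops instead of jumps into whatever the previous stack frame left behind.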