smbd SEGFAULTS in ldap code
Martin Zielinski
mz at seh.de
Tue Jan 15 09:52:06 GMT 2008
Hello,
I have an smbd segfaulting when pushing a printer into AD:
Program received signal SIGSEGV, Segmentation fault.
0x4002f610 in ldap_add_ext () from /usr/lib/libldap.so
(gdb) bt
#0 0x4002f610 in ldap_add_ext () from /usr/lib/libldap.so
#1 0x4002f768 in ldap_add_ext_s () from /usr/lib/libldap.so
#2 0x4002f7d8 in ldap_add_s () from /usr/lib/libldap.so
#3 0x00296c3c in ads_gen_add ()
#4 0x0029a844 in ads_add_printer_entry ()
#5 0x00234d4c in nt_printer_publish_ads ()
#6 0x00235518 in check_published_printers ()
#7 0x0022e710 in nt_printing_init ()
#8 0x00228288 in print_backend_init ()
#9 0x002ba79c in main ()
What happens?
The printer has 30 ldap attributes. So the list of attributes has the
size of 31 -> modlist[30] is '-1' indicating the end of the list.
(See: libads/ldap.c ads_modlist_add() )
The smbd tries to modify the printer entry by calling
libads/ldap.c ads_gen_mod ()
Here the last entry is overwritten with NULL.
Now modlist[30] is 0!
Because the printer isn't already published, smbd calls
ads_add_printer_entry ()
(See: printing/nt_printing.c nt_printer_publish_ads())
Here the smbd adds the attribute "objectClass" to the list of attributes.
Now modlist[30] is "objectClass", but modlist[31] is not defined!
The smbd tries to mark the last entry in "libads/ldap.c ads_gen_add()"
with 0, but this can be anywhere behind the objectClass attribute.
The ldap library will segfault accessing the elements of attribute[31].
Bye,
Martin
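Added example, not Samba's code: a small C model of the attribute list described above (type and function names are hypothetical), written so that terminating the list for the LDAP call can never turn the end-of-list marker into an empty slot, plus an invariant check that would flag the state the post describes.

```c
#include <stdlib.h>
#include <string.h>

#define MODLIST_FULL ((const char *)-1) /* marker past the last usable slot */

typedef struct {
    const char **slots; /* cap usable slots followed by one marker slot */
    size_t cap;         /* usable slots */
    size_t count;       /* filled slots; slots[count] is the NULL terminator */
} modlist_t;

/* Grow to ncap usable slots: new slots are NULL, the marker moves to slots[ncap]. */
static int modlist_grow(modlist_t *ml, size_t ncap) {
    const char **n = realloc(ml->slots, (ncap + 1) * sizeof *n);
    if (n == NULL)
        return -1;
    memset(n + ml->cap, 0, (ncap + 1 - ml->cap) * sizeof *n);
    n[ncap] = MODLIST_FULL;
    ml->slots = n;
    ml->cap = ncap;
    return 0;
}
/* Start with room for n attributes. */
static int modlist_init(modlist_t *ml, size_t n) {
    ml->slots = NULL;
    ml->cap = ml->count = 0;
    return modlist_grow(ml, n);
}
/* Append an attribute; grow before a write could reach the marker slot. */
static int modlist_add(modlist_t *ml, const char *attr) {
    if (ml->count == ml->cap && modlist_grow(ml, ml->cap * 2 + 1) != 0)
        return -1;
    ml->slots[ml->count++] = attr;
    return 0;
}
/* NULL-terminate for the LDAP call. Unlike the sequence in the post, the
 * "full" marker is never overwritten: if only that slot is left, grow first. */
static int modlist_terminate(modlist_t *ml) {
    if (ml->count == ml->cap && modlist_grow(ml, ml->cap + 1) != 0)
        return -1;
    ml->slots[ml->count] = NULL;
    return 0;
}
/* Invariant: exactly one marker, and it sits at slots[cap]. */
static int modlist_check(const modlist_t *ml) {
    for (size_t i = 0; i < ml->cap; i++)
        if (ml->slots[i] == MODLIST_FULL)
            return 0;
    return ml->slots[ml->cap] == MODLIST_FULL;
}
```

Replaying the post's sequence (30 attributes, terminate, add "objectClass", terminate) against this model leaves the terminator at slot 31 inside the allocation and the marker intact at slot 32.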