ntlm_auth dumps core on Samba 3.4.x
Mohan Narayanaswamy
mohann at silver-peak.com
Wed Mar 24 11:48:00 MDT 2010
Hello Everyone,
I was trying to use ntlm_auth utility on samba 3.4.x (onwards) as an
authentication proxy .
It seems "gss-spnego" helper protocol dumps core every time when I send
the initial command "YR".
#0 0x00002aaaaca7a065 in raise () from /lib64/libc.so.6
#1 0x00002aaaaca7bb00 in abort () from /lib64/libc.so.6
#2 0x00002aaaac42891f in talloc_abort () from
/var/home/root/samba340/libtalloc.so.1
#3 0x00002aaaac428936 in talloc_abort_unknown_value () from
/var/home/root/samba340/libtalloc.so.1
#4 0x00002aaaac42bfd7 in talloc_free () from
/var/home/root/samba340/libtalloc.so.1
#5 0x00005555555bced4 in free_spnego_data () from
/var/home/root/samba340/ntlm_auth
#6 0x00005555555a3962 in manage_gss_spnego_request (state=<value
optimized out>, buf=<value optimized out>, length=<value optimized out>)
at utils/ntlm_auth.c:1099
#7 0x00005555555a827b in main (argc=<value optimized out>, argv=<value
optimized out>) at utils/ntlm_auth.c:2198
Samba 3.3.x ( and prior ) releases responds with proper "TT xxx"
I think the problem is "free_spnego_data" started using talloc_free()
from samba 3.4.x onwards.
But ntlm_auth allocates mechTypes using malloc() and calls
"free_spnego_data" and dumps core while checking the magic number
Regards,
Mohan
More information about the samba-technical
mailing list