ntlm_auth dumps core on Samba 3.4.x

Mohan Narayanaswamy mohann at silver-peak.com
Wed Mar 24 11:48:00 MDT 2010


Hello Everyone,

 

I was trying to use the ntlm_auth utility on Samba 3.4.x (onwards) as an
authentication proxy.

It seems the "gss-spnego" helper protocol dumps core every time I send
the initial command "YR".

 

#0  0x00002aaaaca7a065 in raise () from /lib64/libc.so.6
#1  0x00002aaaaca7bb00 in abort () from /lib64/libc.so.6
#2  0x00002aaaac42891f in talloc_abort () from /var/home/root/samba340/libtalloc.so.1
#3  0x00002aaaac428936 in talloc_abort_unknown_value () from /var/home/root/samba340/libtalloc.so.1
#4  0x00002aaaac42bfd7 in talloc_free () from /var/home/root/samba340/libtalloc.so.1
#5  0x00005555555bced4 in free_spnego_data () from /var/home/root/samba340/ntlm_auth
#6  0x00005555555a3962 in manage_gss_spnego_request (state=<value optimized out>, buf=<value optimized out>, length=<value optimized out>) at utils/ntlm_auth.c:1099
#7  0x00005555555a827b in main (argc=<value optimized out>, argv=<value optimized out>) at utils/ntlm_auth.c:2198

 

Samba 3.3.x (and prior) releases respond with a proper "TT xxx".

 

I think the problem is that "free_spnego_data" started using talloc_free()
from Samba 3.4.x onwards.

But ntlm_auth allocates mechTypes using malloc() and calls
"free_spnego_data", and dumps core while checking the magic number.

 

Regards,

Mohan
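
Added example, not part of the original post and not Samba or talloc code: a toy header-tagged allocator in C showing why a free routine that checks a magic number rejects a pointer that came from a different allocator, as the post describes for mechTypes. All names (toy_alloc, toy_free, foreign_alloc) and the magic value are hypothetical; toy_free returns a status where the backtrace above shows an abort.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Toy model only: hypothetical names, constructed magic value, not talloc's code. */
#define TOY_MAGIC 0x7a110c01u

struct toy_hdr { uint32_t magic; size_t size; };
enum toy_status { TOY_OK = 0, TOY_UNKNOWN_VALUE = -1 };

/* Allocate n bytes preceded by a header carrying the allocator's magic. */
void *toy_alloc(size_t n)
{
    struct toy_hdr *h = malloc(sizeof(*h) + n);
    if (h == NULL) return NULL;
    h->magic = TOY_MAGIC;
    h->size = n;
    return h + 1;
}

/* Check the header before releasing; a mismatch means the pointer is not ours. */
enum toy_status toy_free(void *p)
{
    struct toy_hdr *h = (struct toy_hdr *)p - 1;
    if (h->magic != TOY_MAGIC) return TOY_UNKNOWN_VALUE; /* leave memory untouched */
    h->magic = 0;
    free(h);
    return TOY_OK;
}

/* Stand-in for a buffer from another allocator: the bytes before the payload
 * are readable (zeroed) but were never written by toy_alloc(). */
void *foreign_alloc(size_t n)
{
    unsigned char *raw = calloc(1, sizeof(struct toy_hdr) + n);
    return raw ? raw + sizeof(struct toy_hdr) : NULL;
}
void foreign_free(void *p) { free((unsigned char *)p - sizeof(struct toy_hdr)); }

int main(void)
{
    void *own = toy_alloc(16), *mech = foreign_alloc(16);
    if (own == NULL || mech == NULL) return 1;
    printf("own allocation:     %d\n", (int)toy_free(own));
    printf("foreign allocation: %d\n", (int)toy_free(mech));
    foreign_free(mech); /* released by the allocator that created it */
    return 0;
}
```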


