[Samba] Samba 4.1.4 crashes with "invalid next size"

Marc Muehlfeld samba at marc-muehlfeld.de
Mon Feb 3 14:25:17 MST 2014 

Hello Philipp,

Am 03.02.2014 21:02, schrieb Philipp v. Thunen:
>> [2014/02/03 10:01:15.823164,  5, pid=13235, effective(3000029, 100), real(3000029, 0)] ../source3/smbd/uid.c:363(change_to_user_internal)
>>    Impersonated user: uid=(3000029,3000029), gid=(0,100)
>> [2014/02/03 10:01:15.823184,  4, pid=13235, effective(3000029, 100), real(3000029, 0), class=vfs] ../source3/smbd/vfs.c:838(vfs_ChDir)
>>    vfs_ChDir to /samba/ra
>> [2014/02/03 10:01:15.823217,  4, pid=13235, effective(3000029, 100), real(3000029, 0), class=vfs] ../source3/smbd/vfs.c:849(vfs_ChDir)
>>    vfs_ChDir got /samba/ra
>> [2014/02/03 10:01:15.823247, 10, pid=13235, effective(3000029, 100), real(3000029, 0)] ../source3/smbd/smb2_server.c:1780(smbd_smb2_request_verify_creditcharge)
>>    mid 3, CreditCharge: 1, NeededCharge: 1
>> [2014/02/03 10:01:15.823304, 10, pid=13235, effective(3000029, 100), real(3000029, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send)
>>    smbd_smb2_ioctl: ctl_code[0x00140204] <no handle>, fnum [fsp is NULL]
>> [2014/02/03 10:01:15.823336, 10, pid=13235, effective(3000029, 100), real(3000029, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done)
>>    smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 24 status NT_STATUS_OK
>> [2014/02/03 10:01:15.823358, 10, pid=13235, effective(3000029, 100), real(3000029, 0)] ../source3/smbd/smb2_server.c:2499(smbd_smb2_request_done_ex)
>>    smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:24] at ../source3/smbd/smb2_ioctl.c:358
>> [2014/02/03 10:01:15.823375, 10, pid=13235, effective(3000029, 100), real(3000029, 0)] ../source3/smbd/smb2_server.c:874(smb2_set_operation_credit)
>>    smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 482/512, total granted/max/low/range 31/8192/4/31
>> [2014/02/03 10:01:15.823393,  5, pid=13235, effective(3000029, 100), real(3000029, 0)] ../libcli/smb/smb2_signing.c:92(smb2_signing_sign_pdu)
>>    signed SMB2 message
>> *** glibc detected *** /usr/sbin/smbd: free(): invalid next size (fast): 0x00007ffd9b7f7160 ***


Is this the same crash? https://bugzilla.samba.org/show_bug.cgi?id=10415


Regards,
Marc

More information about the samba mailing list