[Pkg-samba-maint] Bug#495653: samba: libc free() crash in smbd

Uwe Schindler uwe at thetaphi.de
Tue Aug 19 12:22:41 UTC 2008


Package: samba
Version: 2:3.2.0-4
Severity: important

Since the update to 3.2.0, smbd crashes with a segfault whenever a user (from
Windows XP) needs to authenticate. Public shares without authentication (see
attached config) work correctly. After the crash, the smbd daemon is no longer
usable and needs to be restarted hard (kill -9); a simple sysv restart leaves
some crashed processes around, making smbd unusable.

Here is the log:
[2008/08/05 20:09:04,  0] smbd/server.c:main(1212)
  smbd version 3.2.0 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2008
*** glibc detected *** /usr/sbin/smbd: free(): invalid pointer: 0x091ce080 ***
======= Backtrace: =========
/lib/i686/cmov/libc.so.6[0xb7b448f5]
/lib/i686/cmov/libc.so.6(cfree+0x90)[0xb7b48360]
/usr/sbin/smbd(str_list_substitute+0x18a)[0x82b7eee]
/usr/sbin/smbd[0x80c2bbf]
/usr/sbin/smbd(authorise_login+0xd1)[0x80c2d7e]
/usr/sbin/smbd[0x8126c64]
/usr/sbin/smbd(make_connection+0x734)[0x81291a1]
/usr/sbin/smbd(reply_tcon_and_X+0x404)[0x80e6534]
/usr/sbin/smbd[0x8123616]
/usr/sbin/smbd(chain_reply+0x2d8)[0x8124882]
/usr/sbin/smbd(reply_sesssetup_and_X+0x1409)[0x80f04a2]
/usr/sbin/smbd[0x8123616]
/usr/sbin/smbd(smbd_process+0x423)[0x8125141]
/usr/sbin/smbd(main+0xfa2)[0x8512137]
/lib/i686/cmov/libc.so.6(__libc_start_main+0xe0)[0xb7aef450]
/usr/sbin/smbd[0x80a9991]

Here is my smb.conf (a little bit shortened):
#======================= Global Settings =======================

[global]

## Browsing/Identification ###

# Change this to the workgroup/NT-domain name your Samba server will part of
   workgroup = THETAPHI

# server string is the equivalent of the NT Description field
   server string = %h server

# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable its WINS Server
   wins support = yes

# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
;   wins server = w.x.y.z

# This will prevent nmbd to search for NetBIOS names through DNS.
   dns proxy = no

# What naming service and in what order should we use to resolve host names
# to IP addresses
;   name resolve order = lmhosts host wins bcast

#### Networking ####

# The specific set of interfaces / networks to bind to
# This can be either the interface name or an IP address/netmask;
# interface names are normally preferred
   interfaces = ethlan

# Only bind to the named interfaces and/or networks; you must use the
# 'interfaces' option above to use this.
# It is recommended that you enable this feature if your Samba machine is
# not protected by a firewall or is a firewall itself.  However, this
# option cannot handle dynamic or non-broadcast interfaces correctly.
   bind interfaces only = true



#### Debugging/Accounting ####

# This tells Samba to use a separate log file for each machine
# that connects
;   log file = /var/log/samba/log.%m

# Put a capping on the size of the log files (in Kb).
;   max log size = 1000

# If you want Samba to only log through syslog then set the following
# parameter to 'yes'.
   syslog only = yes

# We want Samba to log a minimum amount of information to syslog. Everything
# should go to /var/log/samba/log.{smbd,nmbd} instead. If you want to log
# through syslog you should set the following parameter to something higher.
   syslog = 1

# Do something sensible when Samba crashes: mail the admin a backtrace
   panic action = /usr/share/samba/panic-action %d


####### Authentication #######

# "security = user" is always a good idea. This will require a Unix account
# in this server for every user accessing the server. See
# /usr/share/doc/samba-doc/htmldocs/Samba3-HOWTO/ServerType.html
# in the samba-doc package for details.
   security = share

# You may wish to use password encryption.  See the section on
# 'encrypt passwords' in the smb.conf(5) manpage before enabling.
   encrypt passwords = true

# If you are using encrypted passwords, Samba will need to know what
# password database type you are using.  
   passdb backend = tdbsam

   obey pam restrictions = yes

;   guest account = nobody
   invalid users = root


#======================= Share Definitions =======================

[homes]
   comment = Home Directory
   browseable = no

# By default, the home directories are exported read-only. Change next
# parameter to 'yes' if you want to be able to write to them.
   writable = yes

# File creation mask is set to 0700 for security reasons. If you want to
# create files with group=rw permissions, set next parameter to 0775.
   create mask = 0755

# Directory creation mask is set to 0700 for security reasons. If you want to
# create dirs. with group=rw permissions, set next parameter to 0775.
   directory mask = 0755

# By default, \\server\username shares can be connected to by anyone
# with access to the samba server.
# The following parameter makes sure that only "username" can connect 
# to \\server\username
# This might need tweaking when using external authentication schemes
   valid users = %S


# This share works:

[public]
   comment = Public Stuff from all Home Dirs
   path = /home
   public = yes
   writable = no
   guest ok = yes
   force user = nobody



-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.25-2-686 (SMP w/1 CPU core)
Locale: LANG=de_DE@euro, LC_CTYPE=de_DE@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages samba depends on:
ii  adduser              3.108               add and remove users and groups
ii  debconf [debconf-2.0 1.5.22              Debian configuration management sy
ii  libacl1              2.2.47-2            Access control list shared library
ii  libattr1             1:2.4.43-1          Extended attribute shared library
ii  libc6                2.7-13              GNU C Library: Shared libraries
ii  libcomerr2           1.41.0-3            common error description library
ii  libcups2             1.3.8-1             Common UNIX Printing System(tm) - 
ii  libgnutls26          2.4.1-1             the GNU TLS library - runtime libr
ii  libkrb53             1.6.dfsg.4~beta1-3  MIT Kerberos runtime libraries
ii  libldap-2.4-2        2.4.10-3            OpenLDAP libraries
ii  libpam-modules       1.0.1-2             Pluggable Authentication Modules f
ii  libpam-runtime       1.0.1-2             Runtime support for the PAM librar
ii  libpam0g             1.0.1-2             Pluggable Authentication Modules l
ii  libpopt0             1.14-4              lib for parsing cmdline parameters
ii  libtalloc1           1.2.0~git20080616-1 hierarchical pool based memory all
ii  libwbclient0         2:3.2.0-4           client library for interfacing wit
ii  logrotate            3.7.1-3             Log rotation utility
ii  lsb-base             3.2-19              Linux Standard Base 3.2 init scrip
ii  procps               1:3.2.7-8           /proc file system utilities
ii  samba-common         2:3.2.0-4           Samba common files used by both th
ii  update-inetd         4.30                inetd configuration file updater
ii  zlib1g               1:1.2.3.3.dfsg-12   compression library - runtime

samba recommends no packages.

Versions of packages samba suggests:
ii  openbsd-inetd [inet-superse 0.20080125-1 The OpenBSD Internet Superserver
pn  smbldap-tools               <none>       (no description available)

-- debconf information excluded




