Subject: samba: segfaults when accessed from win2k sp4 client
Package: samba
Version: 3.0.21a-1
Severity: normal

When I access samba using a Windows 2000 SP 4 client, smbd crashes
during the authentication process.  I don't see the same crash using
smbclient.  Setting 'log level = 10' in smb.conf results in the
following interesting log data:

[2006/01/05 13:31:21, 10] libsmb/ntlmssp.c:ntlmssp_server_auth(730)
  ntlmssp_server_auth: Failed to create NTLM session key.
[2006/01/05 13:31:21, 5] libsmb/ntlmssp.c:ntlmssp_server_auth(756)
  server session key is invalid (len == 0), cannot do KEY_EXCH!
[2006/01/05 13:31:21, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(332)
  NTLMSSP Sign/Seal - Initialising with flags:
[2006/01/05 13:31:21, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
  Got NTLMSSP neg_flags=0x600082b5
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_SIGN
    NTLMSSP_NEGOTIATE_SEAL
    NTLMSSP_NEGOTIATE_LM_KEY
    NTLMSSP_NEGOTIATE_NTLM
    NTLMSSP_NEGOTIATE_ALWAYS_SIGN
    NTLMSSP_NEGOTIATE_128
    NTLMSSP_NEGOTIATE_KEY_EXCH
[2006/01/05 13:31:21, 5] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(449)
  NTLMSSP Sign/Seal - using NTLM1
[2006/01/05 13:31:21, 0] lib/fault.c:fault_report(36)
  ===============================================================
[2006/01/05 13:31:21, 0] lib/fault.c:fault_report(37)
  INTERNAL ERROR: Signal 11 in pid 26528 (3.0.21a-Debian)
  Please read the Trouble-Shooting section of the Samba3-HOWTO
[2006/01/05 13:31:21, 0] lib/fault.c:fault_report(39)

  From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
[2006/01/05 13:31:21, 0] lib/fault.c:fault_report(40)
  ===============================================================
[2006/01/05 13:31:21, 0] lib/util.c:smb_panic2(1544)
  smb_panic(): calling panic action [/usr/share/samba/panic-action 26528]
[2006/01/05 13:31:21, 0] lib/util.c:smb_panic2(1552)
  smb_panic(): action returned status 0
[2006/01/05 13:31:21, 0] lib/util.c:smb_panic2(1554)
  PANIC: internal error
[2006/01/05 13:31:21, 0] lib/util.c:smb_panic2(1562)
  BACKTRACE: 15 stack frames:
   #0 /usr/sbin/smbd(smb_panic2+0x7b) [0x801d973b]
   #1 /usr/sbin/smbd(smb_panic+0x11) [0x801d9961]
   #2 /usr/sbin/smbd [0x801c4816]
   #3 [0xffffe420]
   #4 /usr/sbin/smbd(ntlmssp_sign_init+0xda) [0x800dfcba]
   #5 /usr/sbin/smbd [0x800dd33d]
   #6 /usr/sbin/smbd(ntlmssp_update+0x21f) [0x800dc2ff]
   #7 /usr/sbin/smbd(auth_ntlmssp_update+0x39) [0x8021aa69]
   #8 /usr/sbin/smbd(reply_sesssetup_and_X+0x840) [0x80078c60]
   #9 /usr/sbin/smbd [0x800a338c]
   #10 /usr/sbin/smbd(process_smb+0x1a4) [0x800a3784]
   #11 /usr/sbin/smbd(smbd_process+0x1da) [0x800a47ca]
   #12 /usr/sbin/smbd(main+0x82b) [0x8026b38b]
   #13 /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xd0) [0xb7c3ceb0]
   #14 /usr/sbin/smbd [0x8003e011]

I'm reasonably (but not completely) sure that this problem only started
with the recent samba package update.

This trivial patch seems to fix it for me:

--- samba-3.0.21a.orig/source/libsmb/ntlmssp.c  2006-01-05 14:05:22.000000000 
+1000
+++ samba-3.0.21a/source/libsmb/ntlmssp.c       2006-01-05 14:02:22.000000000 
+1000
@@ -389,7 +389,7 @@
           to do this for the LM_KEY.
        */
 
-       if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) {
+       if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY && 
ntlmssp_state->session_key.data) {
                if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_128) {
                        ;
                } else if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_56) {
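Review bot: the added `ntlmssp_state->session_key.data` test on the `+` line stops the NULL dereference, but it only skips the LM_KEY weakening step and otherwise lets ntlmssp_sign_init carry on with no session key at all, which is the exact state the log above reports ("server session key is invalid (len == 0), cannot do KEY_EXCH!"). Consider checking `session_key.length` alongside `.data` and making ntlmssp_sign_init return an error status when no usable key exists, so sign/seal setup fails cleanly instead of proceeding on an empty key. Two smaller points on the same line: parenthesise the bitwise test, `(ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) && ntlmssp_state->session_key.data`, since mixing `&` and `&&` unparenthesised reads ambiguously even though precedence makes it correct here, and the line carries trailing whitespace after `&&` and has been wrapped by the mailer, so the patch will not apply as pasted until the two halves are rejoined.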


-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (990, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages samba depends on:
ii  debconf [debc 1.4.67                     Debian configuration management sy
ii  libacl1       2.2.34-1                   Access control list shared library
ii  libattr1      2.4.25-1                   Extended attribute shared library
ii  libc6         2.3.5-11                   GNU C Library: Shared libraries an
ii  libcomerr2    1.38+1.39-WIP-2005.12.10-2 common error description library
ii  libcupsys2    1.1.23-15                  Common UNIX Printing System(tm) - 
ii  libkrb53      1.4.3-5                    MIT Kerberos runtime libraries
ii  libldap2      2.1.30-12                  OpenLDAP libraries
ii  libpam-module 0.79-3                     Pluggable Authentication Modules f
ii  libpam-runtim 0.79-3                     Runtime support for the PAM librar
ii  libpam0g      0.79-3                     Pluggable Authentication Modules l
ii  libpopt0      1.7-5                      lib for parsing cmdline parameters
ii  logrotate     3.7.1-2                    Log rotation utility
ii  lsb-base      3.0-13                     Linux Standard Base 3.0 init scrip
ii  netbase       4.23                       Basic TCP/IP networking system
ii  samba-common  3.0.21a-1                  Samba common files used by both th

Versions of packages samba recommends:
pn  smbldap-tools                 <none>     (no description available)

-- debconf information:
  samba/nmbd_from_inetd:
* samba/log_files_moved:
* samba/tdbsam: true
* samba/generate_smbpasswd: true
* samba/run_mode: daemons
