[Pkg-samba-maint] Bug#500129: smbclient: segfaults when I try to list the content of a share

Lars Eric Scheidler afds at pool.math.tu-berlin.de
Thu Sep 25 10:45:46 UTC 2008


Package: smbclient
Version: 2:3.2.3-1
Severity: important

Hi,
  when I try to list a share in smbclient, smbclient segfaults.
  The share is an Iomega Home Network Hard Drive (500GB).

  This is the commandline with output:
lightning:/# smbclient -d 100 -N -W WORKGROUP '//STORAGE-B4E3/PUBLIC'
INFO: Current debug levels:
  all: True/100
  tdb: False/0
  printdrivers: False/0
  lanman: False/0
  smb: False/0
  rpc_parse: False/0
  rpc_srv: False/0
  rpc_cli: False/0
  passdb: False/0
  sam: False/0
  auth: False/0
  winbind: False/0
  vfs: False/0
  idmap: False/0
  quota: False/0
  acls: False/0
  locking: False/0
  msdfs: False/0
  dmapi: False/0
  registry: False/0
lp_load_ex: refreshing parameters
Initialising global parameters
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
Processing section "[global]"
doing parameter workgroup = WORKGROUP
doing parameter server string = %h server
doing parameter dns proxy = no
doing parameter log file = /var/log/samba/log.%m
doing parameter max log size = 1000
doing parameter syslog = 0
doing parameter panic action = /usr/share/samba/panic-action %d
doing parameter encrypt passwords = true
doing parameter passdb backend = tdbsam
doing parameter obey pam restrictions = yes
doing parameter unix password sync = yes
doing parameter passwd program = /usr/bin/passwd %u
doing parameter passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
doing parameter pam password change = yes
pm_process() returned Yes
lp_servicenumber: couldn't find homes
set_server_role: role = ROLE_STANDALONE
Attempting to register new charset UCS-2LE
Registered charset UCS-2LE
Attempting to register new charset UTF-16LE
Registered charset UTF-16LE
Attempting to register new charset UCS-2BE
Registered charset UCS-2BE
Attempting to register new charset UTF-16BE
Registered charset UTF-16BE
Attempting to register new charset UTF8
Registered charset UTF8
Attempting to register new charset UTF-8
Registered charset UTF-8
Attempting to register new charset ASCII
Registered charset ASCII
Attempting to register new charset 646
Registered charset 646
Attempting to register new charset ISO-8859-1
Registered charset ISO-8859-1
Attempting to register new charset UCS2-HEX
Registered charset UCS2-HEX
Substituting charset 'ANSI_X3.4-1968' for LOCALE
Substituting charset 'ANSI_X3.4-1968' for LOCALE
Substituting charset 'ANSI_X3.4-1968' for LOCALE
Substituting charset 'ANSI_X3.4-1968' for LOCALE
Substituting charset 'ANSI_X3.4-1968' for LOCALE
Substituting charset 'ANSI_X3.4-1968' for LOCALE
Substituting charset 'ANSI_X3.4-1968' for LOCALE
Substituting charset 'ANSI_X3.4-1968' for LOCALE
Substituting charset 'ANSI_X3.4-1968' for LOCALE
Substituting charset 'ANSI_X3.4-1968' for LOCALE
Substituting charset 'ANSI_X3.4-1968' for LOCALE
Substituting charset 'ANSI_X3.4-1968' for LOCALE
added interface tap0 ip=130.149.11.243 bcast=130.149.11.255 netmask=255.255.255.0
added interface eth0:1 ip=192.168.0.1 bcast=192.168.0.255 netmask=255.255.255.0
added interface tap1 ip=192.168.0.4 bcast=192.168.0.255 netmask=255.255.255.0
added interface eth1 ip=192.168.2.1 bcast=192.168.2.255 netmask=255.255.255.0
added interface eth0 ip=192.168.42.16 bcast=192.168.42.255 netmask=255.255.255.0
Substituting charset 'ANSI_X3.4-1968' for LOCALE
Substituting charset 'ANSI_X3.4-1968' for LOCALE
Substituting charset 'ANSI_X3.4-1968' for LOCALE
Substituting charset 'ANSI_X3.4-1968' for LOCALE
Substituting charset 'ANSI_X3.4-1968' for LOCALE
Substituting charset 'ANSI_X3.4-1968' for LOCALE
Substituting charset 'ANSI_X3.4-1968' for LOCALE
Substituting charset 'ANSI_X3.4-1968' for LOCALE
Substituting charset 'ANSI_X3.4-1968' for LOCALE
Substituting charset 'ANSI_X3.4-1968' for LOCALE
Substituting charset 'ANSI_X3.4-1968' for LOCALE
Substituting charset 'ANSI_X3.4-1968' for LOCALE
Netbios name list:-
my_netbios_names[0]="LIGHTNING"
Client started (version 3.2.3).
Opening cache file at /var/run/samba/gencache.tdb
Cache entry with key = AD_SITENAME/DOMAIN/ couldn't be found
sitename_fetch: No stored sitename for 
internal_resolve_name: looking up STORAGE-B4E3#20 (sitename (null))
Returning valid cache entry: key = NBT/STORAGE-B4E3#20, value = 192.168.0.15:0, timeout = Thu Sep 25 10:37:26 2008
name STORAGE-B4E3#20 found.
Connecting to 192.168.0.15 at port 445
error connecting to 192.168.0.15:445 (Connection refused)
Connecting to 192.168.0.15 at port 139
socket option SO_KEEPALIVE = 0
socket option SO_REUSEADDR = 0
socket option SO_BROADCAST = 0
socket option TCP_NODELAY = 1
socket option TCP_KEEPCNT = 9
socket option TCP_KEEPIDLE = 7200
socket option TCP_KEEPINTVL = 75
socket option IPTOS_LOWDELAY = 0
socket option IPTOS_THROUGHPUT = 0
socket option SO_SNDBUF = 16384
socket option SO_RCVBUF = 87380
socket option SO_SNDLOWAT = 1
socket option SO_RCVLOWAT = 1
socket option SO_SNDTIMEO = 0
socket option SO_RCVTIMEO = 0
write_socket(5,72)
write_socket(5,72) wrote 72
Sent session request
got smb length of 0
size=0
smb_com=0x0
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=0
smb_flg2=0
smb_tid=0
smb_pid=0
smb_uid=0
smb_mid=0
smt_wct=0
smb_bcc=0
 session request ok
write_socket(5,194)
write_socket(5,194) wrote 194
got smb length of 77
size=77
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=9737
smb_uid=0
smb_mid=2
smt_wct=17
smb_vwv[ 0]=    9 (0x9)
smb_vwv[ 1]=  258 (0x102)
smb_vwv[ 2]=  256 (0x100)
smb_vwv[ 3]=    0 (0x0)
smb_vwv[ 4]=  255 (0xFF)
smb_vwv[ 5]=65280 (0xFF00)
smb_vwv[ 6]=  255 (0xFF)
smb_vwv[ 7]=    0 (0x0)
smb_vwv[ 8]=    0 (0x0)
smb_vwv[ 9]= 1792 (0x700)
smb_vwv[10]=    2 (0x2)
smb_vwv[11]=    0 (0x0)
smb_vwv[12]=    0 (0x0)
smb_vwv[13]=    0 (0x0)
smb_vwv[14]=    0 (0x0)
smb_vwv[15]=50176 (0xC400)
smb_vwv[16]= 2303 (0x8FF)
smb_bcc=8
[000] 00 00 00 00 00 00 00 00                           ........ 
size=77
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=9737
smb_uid=0
smb_mid=2
smt_wct=17
smb_vwv[ 0]=    9 (0x9)
smb_vwv[ 1]=  258 (0x102)
smb_vwv[ 2]=  256 (0x100)
smb_vwv[ 3]=    0 (0x0)
smb_vwv[ 4]=  255 (0xFF)
smb_vwv[ 5]=65280 (0xFF00)
smb_vwv[ 6]=  255 (0xFF)
smb_vwv[ 7]=    0 (0x0)
smb_vwv[ 8]=    0 (0x0)
smb_vwv[ 9]= 1792 (0x700)
smb_vwv[10]=    2 (0x2)
smb_vwv[11]=    0 (0x0)
smb_vwv[12]=    0 (0x0)
smb_vwv[13]=    0 (0x0)
smb_vwv[14]=    0 (0x0)
smb_vwv[15]=50176 (0xC400)
smb_vwv[16]= 2303 (0x8FF)
smb_bcc=8
[000] 00 00 00 00 00 00 00 00                           ........ 
write_socket(5,132)
write_socket(5,132) wrote 132
got smb length of 70
size=70
smb_com=0x73
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=34817
smb_tid=0
smb_pid=9737
smb_uid=0
smb_mid=3
smt_wct=3
smb_vwv[ 0]=  255 (0xFF)
smb_vwv[ 1]=   42 (0x2A)
smb_vwv[ 2]=    0 (0x0)
smb_bcc=28
[000] 00 52 00 00 00 52 00 00  00 57 00 4F 00 52 00 4B  .R...R.. .W.O.R.K
[010] 00 47 00 52 00 4F 00 55  00 50 00 00              .G.R.O.U .P..
size=70
smb_com=0x73
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=34817
smb_tid=0
smb_pid=9737
smb_uid=0
smb_mid=3
smt_wct=3
smb_vwv[ 0]=  255 (0xFF)
smb_vwv[ 1]=   42 (0x2A)
smb_vwv[ 2]=    0 (0x0)
smb_bcc=28
[000] 00 52 00 00 00 52 00 00  00 57 00 4F 00 52 00 4B  .R...R.. .W.O.R.K
[010] 00 47 00 52 00 4F 00 55  00 50 00 00              .G.R.O.U .P..
Domain=[WORKGROUP] OS=[R] Server=[R]
 session setup ok
write_socket(5,98)
write_socket(5,98) wrote 98
got smb length of 44
size=44
smb_com=0x75
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=34817
smb_tid=4
smb_pid=9737
smb_uid=0
smb_mid=4
smt_wct=3
smb_vwv[ 0]=  255 (0xFF)
smb_vwv[ 1]=   56 (0x38)
smb_vwv[ 2]=    1 (0x1)
smb_bcc=3
[000] 41 3A 00                                          A:. 
 tconx ok
dos_clean_name [(null)]
smb: \> write_socket(5,57)
write_socket(5,57) wrote 57
got smb length of 53
size=53
smb_com=0x2b
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=34817
smb_tid=65535
smb_pid=9737
smb_uid=0
smb_mid=5
smt_wct=1
smb_vwv[ 0]=    1 (0x1)
smb_bcc=16
[000] F0 F0 F0 F0 F0 F0 F0 F0  F0 F0 F0 F0 F0 F0 F0 F0  ........ ........
ls
size=86
smb_com=0x32
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=8
smb_flg2=34817
smb_tid=4
smb_pid=9737
smb_uid=0
smb_mid=6
smt_wct=15
smb_vwv[ 0]=   18 (0x12)
smb_vwv[ 1]=    0 (0x0)
smb_vwv[ 2]=   10 (0xA)
smb_vwv[ 3]=65280 (0xFF00)
smb_vwv[ 4]=    0 (0x0)
smb_vwv[ 5]=    0 (0x0)
smb_vwv[ 6]=    0 (0x0)
smb_vwv[ 7]=    0 (0x0)
smb_vwv[ 8]=    0 (0x0)
smb_vwv[ 9]=    0 (0x0)
smb_bcc=76
[000] 00 00 00 02 00 01 00 00  00 42 00 00 00 00 00 FA  ........ .B......
[010] 40 98 45 FA 40 98 45 FA  40 98 45 00 00 00 00 00  @.E.@.E. @.E.....
[020] 00 00 00 10 00 04 00 2E  00 00 00 01 00 00 00 FA  ........ ........
[030] 40 98 45 FA 40 98 45 FA  40 98 45 00 00 00 00 00  @.E.@.E. @.E.....
[040] 00 00 00 10 00 06 00 2E  00 2E 00 00              ........ ....
size=132
smb_com=0x32
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=34817
smb_tid=4
smb_pid=9737
smb_uid=0
smb_mid=6
smt_wct=10
smb_vwv[ 0]=   10 (0xA)
smb_vwv[ 1]=   66 (0x42)
smb_vwv[ 2]=    0 (0x0)
smb_vwv[ 3]=   10 (0xA)
smb_vwv[ 4]=   56 (0x38)
smb_vwv[ 5]=    0 (0x0)
smb_vwv[ 6]=   66 (0x42)
smb_vwv[ 7]=   66 (0x42)
smb_vwv[ 8]=    0 (0x0)
smb_vwv[ 9]=    0 (0x0)
smb_bcc=76
[000] 00 00 00 02 00 01 00 00  00 42 00 00 00 00 00 FA  ........ .B......
[010] 40 98 45 FA 40 98 45 FA  40 98 45 00 00 00 00 00  @.E.@.E. @.E.....
[020] 00 00 00 10 00 04 00 2E  00 00 00 01 00 00 00 FA  ........ ........
[030] 40 98 45 FA 40 98 45 FA  40 98 45 00 00 00 00 00  @.E.@.E. @.E.....
[040] 00 00 00 10 00 06 00 2E  00 2E 00 00              ........ ....
cli_list_new: Error: unable to parse name from info level 1
Segmentation fault


== with gdb ==================================================================
lightning:/# gdb smbclient
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show
copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu"...
(gdb) set args -N -W WORKGROUP '//STORAGE-B4E3/PUBLIC'
(gdb) run
Starting program: /usr/bin/smbclient -N -W WORKGROUP
'//STORAGE-B4E3/PUBLIC'
[Thread debugging using libthread_db enabled]
[New Thread 0xb7aa16d0 (LWP 9790)]
Domain=[WORKGROUP] OS=[R] Server=[R]
smb: \> ls
cli_list_new: Error: unable to parse name from info level 1

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb7aa16d0 (LWP 9790)]
0xb7c7e623 in strlen () from /lib/libc.so.6
(gdb) bt
#0  0xb7c7e623 in strlen () from /lib/libc.so.6
#1  0xb7c7e345 in strdup () from /lib/libc.so.6
#2  0x080c2487 in cli_list_new ()
#3  0x080c2893 in cli_list ()
#4  0x0808d36b in do_list ()
#5  0x0808db02 in cmd_dir ()
#6  0x0808c063 in main ()
(gdb)

note: this was made in a chroot with debian testing, the same
      behavior exists in unstable with version 2:3.2.3-2

Best regards,
  Lars Eric Scheidler

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.26.5 (SMP w/2 CPU cores)
Locale: LANG=en_US.ISO-8859-15, LC_CTYPE=en_US.ISO-8859-15
(charmap=locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory 
ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages smbclient depends on:
ii  libc6                2.7-13              GNU C Library: Shared libraries
ii  libcomerr2           1.41.0-3            common error description library
ii  libkrb53             1.6.dfsg.4~beta1-4  MIT Kerberos runtime libraries
ii  libldap-2.4-2        2.4.10-3            OpenLDAP libraries
ii  libncurses5          5.6+20080830-1      shared libraries for terminal hand
ii  libpopt0             1.14-4              lib for parsing cmdline parameters
ii  libreadline5         5.2-3               GNU readline and history libraries
ii  libtalloc1           1.2.0~git20080616-1 hierarchical pool based memory all
ii  libwbclient0         2:3.2.3-1           client library for interfacing wit
ii  samba-common         2:3.2.3-1           Samba common files used by both th

smbclient recommends no packages.

Versions of packages smbclient suggests:
pn  smbfs                         <none>     (no description available)

-- debconf information:
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
        LANGUAGE = (unset),
        LC_ALL = (unset),
        LANG = "en_US.ISO-8859-15"
    are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory




