[Bug 1016895] Re: smbd crashed with SIGABRT in dump_core()

TJ 1016895 at bugs.launchpad.net
Tue Jul 31 19:59:24 UTC 2012 

source3/auth/auth_util.c::create_local_token() will sometimes add an
erroneous GID token for the group ID -1, which is treated as an
'unsigned int' and converted to 4294967295 (S-1-22-2-4294967295) ,
resulting in a crash in the syscall to Linux's setgroups().

Additional DEBUG() statements in the source reveal the issue. I'm still
working on a fix:

setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
Security token: (NULL)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
get_privileges: No privileges assigned to SID [S-1-22-1-0]
get_privileges: No privileges assigned to SID [S-1-22-2-0]
get_privileges_for_sids: sid = S-1-1-0
Privilege set: 0x0
get_privileges: No privileges assigned to SID [S-1-5-2]
get_privileges: No privileges assigned to SID [S-1-5-11]
create_local_token(i=1, server_info->utok.ngroups=0, sid=S-1-22-2-0)
create_local_token(i=2, server_info->utok.ngroups=1, sid=S-1-1-0)
create_local_token(i=3, server_info->utok.ngroups=2, sid=S-1-5-2) // SID_NT_NETWORK
create_local_token(i=4, server_info->utok.ngroups=2, sid=S-1-5-11)
create_local_token(server_info->utok.ngroups=2)
add_sid_to_array_unique(S-1-22-1-0)
create_local_token(server_info->utok.ngroups=2)
add_sid_to_array_unique(S-1-22-2-0)
add_sid_to_array_unique(S-1-22-2-4294967295)
Security token SIDs (6):
  SID[  0]: S-1-22-1-0
  SID[  1]: S-1-22-2-0
  SID[  2]: S-1-1-0
  SID[  3]: S-1-5-2
  SID[  4]: S-1-5-11
  SID[  5]: S-1-22-2-4294967295
 Privileges (0x               0):
 Rights (0x               0):
UNIX token of user 0
Primary group is 0 and contains 2 supplementary groups
Group[  0]: 0
Group[  1]: 4294967295

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/1016895

Title:
  smbd crashed with SIGABRT in dump_core()

Status in “samba” package in Ubuntu:
  In Progress

Bug description:
  Sorry for not being of any help here. I don't really know what
  happened. There was suddenly a report about a system problem. and
  apport started. just updated a few hours ago.

  ProblemType: Crash
  DistroRelease: Ubuntu 12.10
  Package: samba 2:3.6.5-3ubuntu2
  ProcVersionSignature: Ubuntu 3.5.0-1.1-generic 3.5.0-rc3
  Uname: Linux 3.5.0-1-generic i686
  ApportVersion: 2.2.5-0ubuntu1
  Architecture: i386
  CrashCounter: 1
  Date: Sun Jun 24 19:37:16 2012
  ExecutablePath: /usr/sbin/smbd
  InstallationMedia: Ubuntu 12.10 "Quantal Quetzal" - Alpha i386 (20120509)
  NmbdLog:
   
  ProcCmdline: smbd -F
  ProcEnviron:
   PATH=(custom, no user)
   TERM=linux
  SambaServerRegression: Yes
  Signal: 6
  SmbConfIncluded: Yes
  SmbLog:
   
  SourcePackage: samba
  StacktraceTop:
   raise () from /lib/i386-linux-gnu/libc.so.6
   abort () from /lib/i386-linux-gnu/libc.so.6
   dump_core ()
   smb_panic ()
   ?? ()
  Title: smbd crashed with SIGABRT in raise()
  UpgradeStatus: No upgrade log present (probably fresh install)
  UserGroups:
   
  WindowsFailedConnect: Yes

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1016895/+subscriptions

More information about the foundations-bugs mailing list