Ticket #78 (closed defect: fixed)

Opened 5 years ago

Last modified 5 years ago

libnss_mdns crashes Samba

Reported by: mschurter Owned by: lennart
Milestone: Component: nss-mdns
Keywords: Cc: michael@…

Description

I received a segmentation fault when running the Samba command: net ads join

A gdb backtrace revealed libnss_mdns was the culprit. Removing mdns from my nsswitch.conf file fixed Samba.

Backtrace: 

#0 0x0816e15d in timeval_add ()
#1 0xb791e76b in avahi_resolve_address () from /usr/lib/libnss_mdns.so.2
#2 0xb791ed09 in mdns_query_ipv4 () from /usr/lib/libnss_mdns.so.2
#3 0xb791c979 in _nss_mdns_gethostbyaddr_r () from /usr/lib/libnss_mdns.so.2
#4 0xb7cb6389 in gethostbyaddr_r () from /lib/tls/i686/cmov/libc.so.6
#5 0xb7cbeaac in getnameinfo () from /lib/tls/i686/cmov/libc.so.6
#6 0xb7da9c3a in ldap_pvt_get_hname () from /usr/lib/libldap_r.so.2
#7 0xb7da5007 in ldap_host_connected_to () from /usr/lib/libldap_r.so.2
#8 0xb7d91060 in ldap_int_open_connection () from /usr/lib/libldap_r.so.2
#9 0xb7da3503 in ldap_new_connection () from /usr/lib/libldap_r.so.2
#10 0xb7d90ef1 in ldap_open_defconn () from /usr/lib/libldap_r.so.2
#11 0xb7d91776 in ldap_open () from /usr/lib/libldap_r.so.2
#12 0x081cc341 in ldap_open_with_timeout ()
#13 0x081cc41f in ads_connect ()
#14 0x0807b9b1 in net_ads_check_our_domain ()
#15 0x0807d4bf in net_ads_join ()
#16 0x0807afa9 in net_ads ()
#17 0x0807adea in main ()

Using Debian Sid, libc6 2.3.6ds1-8, libnss-mdns 0.8-6, samba 3.0.23d-1

Change History

Changed 5 years ago by lennart

  • status changed from new to assigned

Hmm, strange error. Something is bogus with your backtrace, since timeval_add is never called from avahi_resolve_address() or any of the functions called by it.

Could you please post the strace output of this call:

strace -o nss-mdns.log net ads join

And would please try to use the "nss_mdns4" module instead of "nss_mdns" to check if that works?

Thanks!

Changed 5 years ago by lennart

  • component changed from avahi-common to nss-mdns

Changed 5 years ago by lennart

OK, i found the bug now, I guess. libnss-mdns shares a symbol name with samba. If the former is loaded into a process of the latter that specific function (timeval_add) is called with bogus arguments.

The fix is to make nss-mdns use different symbol names.

Changed 5 years ago by lennart

  • status changed from assigned to closed
  • resolution set to fixed

This has now been fixed in nss-mdns SVN r103.

 http://0pointer.de/cgi-bin/viewcvs.cgi?rev=103&root=nss-mdns&view=rev

Note: See TracTickets for help on using tickets.