I have recompiled pdbedit 3.0.2 with the -g flag to be able to list sources from gdb when debugging pdbedit, and discovered some more info, but I don't know how to interpret it:

    (gdb) frame 1
    #1  0x0806c899 in init_sam_from_buffer (sampass=0x81b8c28, buf=0x81b8d78 "", buflen=208) at passdb/passdb.c:1462
    1462            SAFE_FREE(domain);
    (gdb) print domain
    $8 = 0x10000 <Address 0x10000 out of bounds>

It looks like domain is an invalid address. It seems some integer has been sucked into the pointer. This architecture is i686-pc-linux-gnu. Or maybe the whole memory is fatally corrupt and just generic strange things happen.

I suspect the databases got broken by reinstalling one version of samba over another. Question: can the databases be broken by replacing one 3.0.* samba with 3.0.2? Or can the database be broken by replacing one 3.0.* samba with another 3.0.* samba (possibly a higher or lower version)?

I can try removing the databases and building them again. However, I think that no matter how corrupt the data files on the samba systems are, the executables should not crash with a segfault. Or is there a case where crashing with a segfault due to invalid input is correct behaviour for an executable?

Cl<
I have deleted the whole samba tree (rm -r /usr/local/samba) and reinstalled samba-3.0.2 with the '-g' compiler flag switched on using make install, and now pdbedit -L works. Fortunately I have saved the old tree (/usr/local/samba) so that it can still be used as assistance if anyone is interested in debugging that segfault.

Cl<
I tried to invoke the state of the /usr/local/samba tree that causes pdbedit -L to segfault; however, I failed. What I tried (reload = reloading the smbd and nmbd daemons):

    3.0.2:    make install, reload, pdbedit -L
    3.0.1rc2: make install, reload, pdbedit -L
    3.0.0:    make install, pdbedit -L, reload, pdbedit -L

Cl<
I have determined that the segfault can be reproduced by:

1) Fresh installation of samba-3.0.2
2) Copying the "bad" private/passdb.tdb into /usr/local/samba/private/passdb.tdb

However, I can't post the passdb.tdb that causes this because I think it contains sensitive information. tdbdump dumps it without complaints, though:

    tdbdump /root/samba-pdbedit-segfault/private/passdb.tdb
    {
    key = "USER_test\00"
    data = "censored"
    }
    {
    key = "RID_000003e8\00"
    data = "root\00"
    }
    {
    key = "USER_neptun$\00"
    data = "censored"
    }
    {
    key = "RID_00000bba\00"
    data = "neptun$\00"
    }
    {
    key = "RID_00000bbe\00"
    data = "test\00"
    }
    {
    key = "INFO/version\00"
    data = "\01\00\00\00"
    }
    {
    key = "USER_root\00"
    data = "censored"
    }

Is there a way to dump the database into text format, edit the obviously sensitive information and then pack it back into a .tdb file? I would need something like a reverse-tdbdump. Then I could maybe make a non-sensitive file that crashes pdbedit-3.0.2 -L and post it here.

Cl<
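
The text half of the "reverse-tdbdump" asked about above, as an added example that is not part of the original thread and is not Samba code: it parses tdbdump's text output into raw key/data byte pairs, blanks the data of USER_ records, and re-emits the same text format. The function names, the sample dump and the choice of same-length filler are assumptions made for illustration.

```python
import re

# Constructed sample in the layout tdbdump prints; the data bytes are
# placeholders, not real passdb.tdb contents.
SAMPLE_DUMP = r'''{
key = "USER_test\00"
data = "\01\00secret\FF"
}
{
key = "RID_00000bbe\00"
data = "test\00"
}
{
key = "INFO/version\00"
data = "\01\00\00\00"
}
'''

# Assumption: every non-printable byte, '"' and '\' is written as \XX (two hex
# digits), so a raw '"' can only be a field delimiter. The optional (N) accepts
# the key(N)/data(N) form printed by later tdbdump versions.
RECORD = re.compile(
    r'key(?:\(\d+\))?\s*=\s*"(.*?)"\s*data(?:\(\d+\))?\s*=\s*"(.*?)"', re.S)
ESCAPE = re.compile(rb'\\([0-9A-Fa-f]{2})')

def unescape(text):
    """Turn the dump's \\XX notation back into raw bytes (single pass)."""
    return ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]),
                      text.encode('latin-1'))

def escape(raw):
    """Inverse of unescape(): printable ASCII stays, everything else is \\XX."""
    return ''.join(chr(b) if 0x20 <= b < 0x7F and b not in b'"\\'
                   else '\\%02X' % b for b in raw)

def parse_dump(text):
    """Return the dump as a list of (key_bytes, data_bytes) records."""
    return [(unescape(k), unescape(d)) for k, d in RECORD.findall(text)]

def redact(records, prefix=b'USER_', filler=b'X'):
    """Overwrite the data of account records, keeping each record's length."""
    return [(k, filler * len(d) if k.startswith(prefix) else d)
            for k, d in records]

def format_dump(records):
    """Re-emit records in the same text layout that parse_dump() reads."""
    return ''.join('{\nkey = "%s"\ndata = "%s"\n}\n' % (escape(k), escape(d))
                   for k, d in records)

if __name__ == '__main__':
    print(format_dump(redact(parse_dump(SAMPLE_DUMP))), end='')
```

Writing the edited records into a new .tdb file needs a TDB library and is not shown. Whether a redacted file still triggers the crash has to be checked by running pdbedit -L against it.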