Project

General

Profile

Bug #10964

mdb smbsrv SEGV with IPv6 clients

Added by Gordon Ross 5 months ago. Updated 5 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
-
Start date:
2019-05-14
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:

Description

With IPv6 clients attached, mdb -k -e ::smblist fails with SIGSEGV:

# mdb -k
Loading modules: [ unix genunix specfs dtrace mac cpu.generic uppc pcplusmp scsi_vhci zfs mpt sd ip hook neti sockfs arp usba stmf idm stmf_sbd lofs random smbsrv nfs cpc ufs logindmux ptm ipc ]
> ::smblist
SERVER ZONE STATE 
ffffff030630c580 0 RUNNING

mdb: received signal SEGV at:
[1] mdb`mdb_inet_ntop+0xa2()
[2] mdb`iob_ipv6addr2str+0x23()
[3] mdb`iob_doprnt+0x7d2()
[4] mdb`mdb_iob_vsnprintf+0xcb()
[5] mdb`mdb_snprintf+0x9e()
[6] smbsrv.so`smb_inaddr_ntop+0x6d()
[7] smbsrv.so`smbsess_dcmd+0x117()
[8] mdb`dcmd_invoke+0x7c()
[9] mdb`mdb_call_idcmd+0x112()
[10] mdb`mdb_call_dcmd+0x8d()
[11] smbsrv.so`pwalk_dcmd+0x30()
...

History

#1

Updated by Gordon Ross 5 months ago

  • Status changed from New to In Progress
#2

Updated by Gordon Ross 5 months ago

In the smbsrv mdb module, the function: smb_inaddr_ntop(),
we're passing the IPv6 struct where it wants a pointer. (missing & before the arg to mdb_snprintf)
so down in mdb_snprintf / mdb_inet_ntop, it takes the contents of that IPv6 address as a pointer...

#3

Updated by Gordon Ross 5 months ago

Testing:
With IPv6 SMB client connected, run mdb -k -e ::smblist
(works fine now)

#4

Updated by Joshua M. Clulow 5 months ago

  • Description updated (diff)
  • Tags deleted (needs-triage)
#5

Updated by Electric Monk 5 months ago

  • Status changed from In Progress to Closed
  • % Done changed from 0 to 100

git commit 460505369f30f9bc79709c517401bf7ff6d97651

commit  460505369f30f9bc79709c517401bf7ff6d97651
Author: Gordon Ross <gwr@nexenta.com>
Date:   2019-05-18T23:46:22.000Z

    10964 mdb smbsrv SEGV with IPv6 clients
    Reviewed by: Kevin Crowe <kevin.crowe@nexenta.com>
    Reviewed by: Yuri Pankov <yuri.pankov@nexenta.com>
    Reviewed by: Rick McNeal <rick.mcneal@nexenta.com>
    Approved by: Joshua M. Clulow <josh@sysmgr.org>

Also available in: Atom PDF