Comment 4 for bug 1015935

Kai Blin (kai.blin) wrote :

Ok, this actually is a bug in libpam-smbpass, not in swat.

When recompiling the packages with debug info, the backtrace from swat is:

#0 0xb7217600 in ?? ()
#1 0xb7d7923c in _talloc_free () from /usr/lib/i386-linux-gnu/libtalloc.so.2
#2 0x8027fae1 in smb_iconv_close (cd=0x8081f768) at ../lib/util/charset/iconv.c:337
#3 0x8026ee61 in close_iconv_convenience (data=0x80812228) at ../lib/util/charset/codepoints.c:203
#4 0x8026f08c in smb_iconv_convenience_reinit (mem_ctx=0x0, dos_charset=0x80816c08 "CP850", unix_charset=0x80816bc8 "UTF-8",
    display_charset=0xb745930c "UTF-8", native_iconv=true, old_ic=0x80812228) at ../lib/util/charset/codepoints.c:265
#5 0x8025b037 in init_iconv () at lib/charcnv.c:78
#6 0x8025af8c in lazy_initialize_conv () at lib/charcnv.c:55
#7 0x8025bb59 in convert_string_talloc (ctx=0x80816b90, from=CH_UTF8, to=CH_UNIX, src=0x8081cd60, srclen=9, dst=0xbffff670, converted_size=0xbffff674,
    allow_bad_conv=true) at lib/charcnv.c:480
#8 0x8007207d in cgi_load_variables () at web/cgi.c:214
#9 0x80079c4c in main (argc=1, argv=0xbffff824) at web/swat.c:1581

Note the call to close_iconv_convenience() in frame 3.

Now, when looking at libpam-smbpass.so symbols with nm, this gives the following iconv-related output:

0008fe20 t close_iconv_convenience
0008fd4c T get_iconv_convenience
00207a80 B global_iconv_convenience
         U iconv@@GLIBC_2.1
         U iconv_close@@GLIBC_2.1
000a111b t iconv_copy
         U iconv_open@@GLIBC_2.1
000a1057 t iconv_swab
0007c01a T init_iconv
000a0364 t lazy_initialize_iconv
000a03ff T smb_iconv
000a0af6 T smb_iconv_close
00090085 T smb_iconv_convenience_reinit
000a0abc T smb_iconv_open
000a0686 T smb_iconv_open_ex
000a0600 t smb_iconv_t_destructor
000a0389 t sys_iconv

Again, note the t close_iconv_convenience, which as far as I understand says that libpam-smbpass contains close_iconv_convenience in its text section, so there's a copy of that call in libpam-smbpass.
Now, if libpam-smbpass is loaded, it seems like swat uses the wrong version of that call, and things go wrong.
If you comment out the libpam-smbpass line in /etc/pam.d/common-auth, the crash is gone.
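
The nm comparison described in the comment above can be automated. The following is an added example, not part of the original comment or of Samba: it parses two nm listings and reports every symbol that both objects define themselves. The libpam-smbpass lines are an excerpt of the output quoted above; the swat listing is constructed for illustration (symbol names taken from the backtrace, addresses and type letters assumed), and the function names are hypothetical.

```python
import re

# One nm line: optional hex address, one type letter, symbol name.
NM_LINE = re.compile(r"(?:([0-9a-fA-F]+)\s+)?([A-Za-z])\s+(\S+)")

# Excerpt of the libpam-smbpass.so listing quoted in the comment.
PAM_SMBPASS_NM = """\
0008fe20 t close_iconv_convenience
0008fd4c T get_iconv_convenience
00207a80 B global_iconv_convenience
         U iconv_close@@GLIBC_2.1
0007c01a T init_iconv
000a0af6 T smb_iconv_close
00090085 T smb_iconv_convenience_reinit
"""

# CONSTRUCTED listing for the swat binary: names come from the backtrace,
# addresses and type letters are assumptions made for this example.
SWAT_NM = """\
0026ee20 t close_iconv_convenience
0026f000 T smb_iconv_convenience_reinit
0027fa90 T smb_iconv_close
0025b000 T init_iconv
00079000 T main
         U _talloc_free
"""

def parse_nm(text):
    """Map symbol name -> 'global', 'local' or 'undefined'."""
    symbols = {}
    for line in text.splitlines():
        m = NM_LINE.fullmatch(line.strip())
        if not m:
            continue
        addr, kind, name = m.groups()
        name = name.split("@", 1)[0]  # drop version suffix such as @@GLIBC_2.1
        if addr is None:              # no address column: not defined here
            symbols[name] = "undefined"
        elif kind.isupper() or kind == "u":
            symbols[name] = "global"  # uppercase letter = external linkage
        else:
            symbols[name] = "local"   # lowercase letter = file-local
    return symbols

def defined_in_both(nm_a, nm_b):
    """Symbols that both objects carry their own definition of."""
    a, b = parse_nm(nm_a), parse_nm(nm_b)
    return [(n, a[n], b[n]) for n in sorted(a.keys() & b.keys())
            if "undefined" not in (a[n], b[n])]

if __name__ == "__main__":
    for name, in_pam, in_swat in defined_in_both(PAM_SMBPASS_NM, SWAT_NM):
        print(f"{name}: libpam-smbpass={in_pam} swat={in_swat}")
```

On real systems the two inputs would be the nm output of the PAM module and of the program that loads it.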