Bug 407071 - Critical Regression caused by CVE-2007-4572
Summary: Critical Regression caused by CVE-2007-4572
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: samba
Version: 4.6.z
Hardware: All
OS: Linux
high
medium
Target Milestone: ---
: ---
Assignee: Simo Sorce
QA Contact:
URL:
Whiteboard:
Depends On: 389021
Blocks: 407101
Reported: 2007-12-01 00:48 UTC by Simo Sorce
Modified: 2016-09-06 20:36 UTC (History)

Fixed In Version: RHSA-2007-1114
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-12-10 16:53:18 UTC
Target Upstream Version:
Embargoed:




Links
System: Red Hat Product Errata
ID: RHSA-2007:1114
Private: 0
Priority: normal
Status: SHIPPED_LIVE
Summary: Critical: samba security and bug fix update
Last Updated: 2007-12-10 16:53:11 UTC

Description Simo Sorce 2007-12-01 00:48:13 UTC
+++ This bug was initially created as a clone of Bug #389021 +++

Description of problem:

When either a request for a directory listing of a share using a wildcard (e.g.,
"ls /mnt/share/redhat*") is entered or a plain directory listing (e.g., "ls
/mnt/share") is requested, the action generates trans2 error messages in the client and the
following in the server:
[2007/11/16 17:47:14, 0] lib/fault.c:dump_core(181)
  dumping core in /var/log/samba/cores/smbd
[2007/11/16 17:47:14, 1] smbd/service.c:make_connection_snum(1033)
  192.168.1.14 (192.168.1.14) connect to service ben initially as user ben
(uid=500, gid=500) (pid 6208)
[2007/11/16 17:47:14, 0] lib/util.c:smb_panic(1654)
  PANIC (pid 6208): push_ascii - dest_len == -1
[2007/11/16 17:47:14, 0] lib/util.c:log_stack_trace(1758)
  BACKTRACE: 12 stack frames:
   #0 smbd(log_stack_trace+0x1c) [0x555555776cdc]
   #1 smbd(smb_panic+0x43) [0x555555776dc3]
   #2 smbd(push_ascii+0x113) [0x555555762893]
   #3 smbd [0x5555556037c9]
   #4 smbd [0x555555606eb3]
   #5 smbd(handle_trans2+0x25e) [0x55555560a12e]
   #6 smbd(reply_trans2+0x6ec) [0x55555561077c]
   #7 smbd [0x555555629384]
   #8 smbd(smbd_process+0x7b1) [0x55555562a321]
   #9 smbd(main+0xa20) [0x55555582b2d0]
   #10 /lib64/libc.so.6(__libc_start_main+0xf4) [0x2aaaad3728a4]
   #11 smbd [0x5555555bc009]

This problem ONLY occurs in Linux to Linux transfers. I have not been able to
detect a problem with Linux-Windows transactions. Also, if you enter a fully
qualified file name (e.g., "ls /mnt/<SHARE>/mytest.png"), the process works
perfectly without errors.

Version-Release number of selected component (if applicable):
This occurs if the client is samba-3.0.9-1.3E.14.1 in RHEL 3 and if the server
is samba-3.0.25b-1 in RHEL 5 or samba-3.0.9-1.3E.14.1 in RHEL 3. This problem is
alleviated if the previous version is installed.

Again, a client running samba-3.0.25b-1 on RHEL 5 does not exhibit this issue.

How reproducible:
Completely, hardware independent.
Note the RHEL 5 client does not exhibit this problem.

Steps to Reproduce:
1. Verify "ls /mnt/<SHARE>" and "ls /mnt/<SHARE>/<something>*" work before update.
2. Update samba on RHEL 3 to the latest rpm.
3. Verify "ls /mnt/<SHARE>" and "ls /mnt/<SHARE>/<something>*" hang after update.

Actual results:
Error messages, no returned results.

Expected results:
Directory listing.

Additional info:
Note (possibly completely unrelated) the samba patch as released caused nmbd
to fail badly on Ubuntu, and I understand they released a second update.

-- Additional comment from ssorce on 2007-11-19 19:00 EST --
Upstream we have a patch; starting testing to ensure all is ok.

And just for the record, Ubuntu "fixed" this problem by completely reverting
the security fix, so their packages are now vulnerable.

-- Additional comment from sergeyco on 2007-11-21 13:11 EST --
1) On RHEL 3 smbclient works fine, but smbmount doesn't.
2) On RHEL 4 the same problem occurs when I do a listing after "mount -t smbfs",
and ls after "mount -t cifs" works without errors.
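The server log quoted in the description has a stable signature (the smb_panic message and the PID it carries) that a regression check can key on. The shell script below is an added example, not part of the bug report or of Samba: it scans a Samba server log for that panic and prints the timestamp and PID of each hit, using a constructed copy of the reporter's log lines as sample input. It assumes the two-line layout shown in the report, a bracketed header line followed by an indented message line.

```shell
#!/bin/sh
# Added example, not from the bug report or from Samba: scan a Samba server log
# for the smb_panic signature quoted in the description and print the timestamp
# and PID of every hit. Assumes the two-line layout shown in the report:
# "[YYYY/MM/DD HH:MM:SS, level] file:function(line)" followed by an indented message.

find_push_ascii_panics() {
    # $1: log file. Prints "YYYY/MM/DD HH:MM:SS PID" per hit; exit 0 if any, 1 if none.
    awk -v sig='push_ascii - dest_len == -1' '
        /^\[/ { hdr = $0; next }                       # remember the header line
        index($0, sig) && match($0, /pid [0-9]+/) {    # message line carrying the panic
            pid = substr($0, RSTART + 4, RLENGTH - 4)  # strip the "pid " prefix
            ts  = substr(hdr, 2, 19)                   # date and time inside the brackets
            print ts, pid
            hits++
        }
        END { exit hits ? 0 : 1 }
    ' "$1"
}

write_sample_log() {
    # $1: destination. Constructed sample: the server-side lines quoted in the report,
    # with the wrapped connect line joined back into one line.
    cat > "$1" <<'EOF'
[2007/11/16 17:47:14, 0] lib/fault.c:dump_core(181)
  dumping core in /var/log/samba/cores/smbd
[2007/11/16 17:47:14, 1] smbd/service.c:make_connection_snum(1033)
  192.168.1.14 (192.168.1.14) connect to service ben initially as user ben (uid=500, gid=500) (pid 6208)
[2007/11/16 17:47:14, 0] lib/util.c:smb_panic(1654)
  PANIC (pid 6208): push_ascii - dest_len == -1
[2007/11/16 17:47:14, 0] lib/util.c:log_stack_trace(1758)
  BACKTRACE: 12 stack frames:
EOF
}

# Stand-alone use: scan the log given as $1, or the constructed sample if none is given.
if [ $# -gt 0 ]; then
    find_push_ascii_panics "$1"
else
    sample="${TMPDIR:-/tmp}/smbd-sample-$$.log"
    write_sample_log "$sample"
    find_push_ascii_panics "$sample"     # prints: 2007/11/16 17:47:14 6208
    rm -f "$sample"
fi
```

Run it against /var/log/samba/log.smbd (or the per-client log) on a server after applying the update; a non-zero exit with no output means the listing test did not trigger the panic.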

Comment 6 errata-xmlrpc 2007-12-10 16:53:18 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2007-1114.html
