From: Jeremy Allison Date: Fri, 10 Apr 2026 21:24:34 +0000 (-0700) Subject: s3:loadparm: fix NULL pointer dereference in volume_label() X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;ds=sidebyside;p=thirdparty%2Fsamba.git s3:loadparm: fix NULL pointer dereference in volume_label() volume_label() calls lp_servicename() as a fallback when lp_volume() returns an empty string. lp_servicename() is a FN_LOCAL_SUBSTITUTED_STRING that falls back to sDefault.szService when the service is invalid. Since sDefault.szService is initialized to NULL and is never set by init_globals(), the substitution returns NULL, and the subsequent strlen() call crashes with a segmentation fault. Add a NULL guard so volume_label() returns an empty string instead of crashing. Remove knownfail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14978 Co-Authored-By: Claude Opus 4.6 (1M context) Signed-off-by: Jeremy Allison Reviewed-by: David Mulder Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Wed Apr 15 00:07:12 UTC 2026 on atb-devel-224 --- diff --git a/selftest/knownfail b/selftest/knownfail index 40aaa28aed6..ab2d79d7114 100644 --- a/selftest/knownfail +++ b/selftest/knownfail @@ -338,4 +338,3 @@ # We currently don't send referrals for LDAP modify of non-replicated attrs ^samba4.ldap.rodc.python\(rodc\).__main__.RodcTests.test_modify_nonreplicated.* -^samba3.blackbox.usershare_not_accessible.*(fileserver:local) diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index e85b52fdc6d..dc0d8523172 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -4471,6 +4471,9 @@ const char *volume_label(TALLOC_CTX *ctx, int snum) if (!*label) { label = lp_servicename(ctx, lp_sub, snum); } + if (label == NULL) { + label = ""; + } /* * Volume label can be a max of 32 bytes. Make sure to truncate