From 14bc301ed512369c0053b3301faa374f7ea38d08 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 10 Apr 2026 14:24:34 -0700 Subject: [PATCH] s3:loadparm: fix NULL pointer dereference in volume_label() volume_label() calls lp_servicename() as a fallback when lp_volume() returns an empty string. lp_servicename() is a FN_LOCAL_SUBSTITUTED_STRING that falls back to sDefault.szService when the service is invalid. Since sDefault.szService is initialized to NULL and is never set by init_globals(), the substitution returns NULL, and the subsequent strlen() call crashes with a segmentation fault. Add a NULL guard so volume_label() returns an empty string instead of crashing. Remove knownfail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14978 Co-Authored-By: Claude Opus 4.6 (1M context) Signed-off-by: Jeremy Allison Reviewed-by: David Mulder Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Wed Apr 15 00:07:12 UTC 2026 on atb-devel-224 --- selftest/knownfail | 1 - source3/param/loadparm.c | 3 +++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/selftest/knownfail b/selftest/knownfail index 40aaa28aed6..ab2d79d7114 100644 --- a/selftest/knownfail +++ b/selftest/knownfail @@ -338,4 +338,3 @@ # We currently don't send referrals for LDAP modify of non-replicated attrs ^samba4.ldap.rodc.python\(rodc\).__main__.RodcTests.test_modify_nonreplicated.* -^samba3.blackbox.usershare_not_accessible.*(fileserver:local) diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index e85b52fdc6d..dc0d8523172 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -4471,6 +4471,9 @@ const char *volume_label(TALLOC_CTX *ctx, int snum) if (!*label) { label = lp_servicename(ctx, lp_sub, snum); } + if (label == NULL) { + label = ""; + } /* * Volume label can be a max of 32 bytes. Make sure to truncate -- 2.47.3