[cifs-protocol] Bug in MS-WINSRA section "2.2.10.1 Name Record"

Stefan (metze) Metzmacher metze at samba.org
Thu Feb 4 12:18:30 MST 2010


Hi Edgar,

> Could you send me which build of Windows 2008 you ran the tests corresponding to the network traces you provided?
> To determine the version, service pack and build number:
> Start > Run > msinfo32
> On the System Summary, the Version item provides that information.

Microsoft Windows Server 2008 Standard
6.0.6001 Service Pack 1 Build 6001

It's the 32-Bit Version.

metze
> Best regards,
> 
> Edgar
> 
> 
> -----Original Message-----
> From: Edgar Olougouna 
> Sent: Monday, February 01, 2010 9:39 AM
> To: Stefan (metze) Metzmacher; Bill Wesse
> Cc: pfif at tridgell.net; cifs-protocol at samba.org
> Subject: RE: Bug in MS-WINSRA section "2.2.10.1 Name Record"
> 
> Hi Stefan,
> 
> I am taking care of this case and will update you as soon as I have news.
> 
> Best regards,
> 
> Edgar
> 
> 
> 
> -----Original Message-----
> From: Bill Wesse 
> Sent: Saturday, January 30, 2010 7:37 AM
> To: Stefan (metze) Metzmacher
> Cc: pfif at tridgell.net; cifs-protocol at samba.org; Edgar Olougouna
> Subject: [REG:110012953632586] RE: Bug in MS-WINSRA section "2.2.10.1 Name Record"
> 
> Thanks Stefan - forwarding this email to Edgar, who owns the case.
> 
> 110012953632586
> 
> Regards,
> Bill Wesse
> MCSE, MCTS / Senior Escalation Engineer, US-CSS DSC PROTOCOL TEAM
> 8055 Microsoft Way
> Charlotte, NC 28273
> Email:	billwe at microsoft.com
> Tel: 	+1(980) 776-8200
> Cell: 	+1(704) 661-5438
> Fax: 	+1(704) 665-9606
> 
> -----Original Message-----
> From: Stefan (metze) Metzmacher [mailto:metze at samba.org] 
> Sent: Saturday, January 30, 2010 4:40 AM
> To: Bill Wesse
> Cc: pfif at tridgell.net; cifs-protocol at samba.org; Interoperability Documentation Help
> Subject: Re: Bug in MS-WINSRA section "2.2.10.1 Name Record"
> 
> Hi Bill,
> 
> there's one additional bug regarding the Name length.
> 
>> Name (variable): Name terminates with a 0x00 byte. It may include a 
>> NetBIOS scope identifier, as specified in [RFC1001]. The maximum 
>> length of the Name field is 255 bytes including the 0x00 byte. If no 
>> NetBIOS scope is included, then the length of the name is 17 including 
>> the 0x00 byte.
> 
> When a Windows server gets a name with length == 255, it removes the last character of the scope before storing it.
> 
> Windows returns a name with length 254 when it returns the name again.
> 
> See the attached capture (172.31.9.211 is Windows 2008 and 172.31.9.1 is a modified smbtorture).
> 
> Frame 19 smbtorture => Windows 2008: name length 255
> Frame 25 Windows 2008 => smbtorture: name length 254
> 
> metze
>> Good morning Stefan - I am including our below initial response, since I missed CC: dochelp at microsoft.com on the first one.
>>
>> -----Original Message-----
>> From: Bill Wesse
>> Sent: Friday, January 29, 2010 9:59 AM
>> To: 'metze at samba.org'
>> Cc: MSSolve Case Email; 'pfif at tridgell.net'; 'cifs-protocol at samba.org'
>> Subject: [REG:110012953632586] [MS-WINSRA] 2.2.10.1 Name Record 
>> Padding field description incorrect
>>
>> Good morning Stefan - thanks for your comments. I have created the below case to track the issue. One of my team members will contact you shortly!
>>
>> 110012953632586 [MS-WINSRA] 2.2.10.1 Name Record Padding field 
>> description incorrect
>>
>>
>> Regards,
>> Bill Wesse
>> MCSE, MCTS / Senior Escalation Engineer, US-CSS DSC PROTOCOL TEAM
>> 8055 Microsoft Way
>> Charlotte, NC 28273
>> Email:	billwe at microsoft.com
>> Tel: 	+1(980) 776-8200
>> Cell: 	+1(704) 661-5438
>> Fax: 	+1(704) 665-9606
>>
>>
>> -----Original Message-----
>> From: Stefan (metze) Metzmacher [mailto:metze at samba.org]
>> Sent: Friday, January 29, 2010 9:25 AM
>> To: Interoperability Documentation Help
>> Cc: pfif at tridgell.net; cifs-protocol at samba.org
>> Subject: CAR: Bug in MS-WINSRA section "2.2.10.1 Name Record"
>>
>> Hi,
>>
>> I found a bug in MS-WINSRA section "2.2.10.1 Name Record".
>>
>> It says:
>>
>>> Padding (variable): If the Name field is not 4-byte aligned, this 
>>> Padding field will be added to pad to 4-byte alignment. If the Name 
>>> field itself is 4-byte aligned, then there is no Padding field. This 
>>> field MUST be ignored upon receipt.
>> This is wrong!
>>
>> The documentation would indicate this:
>>
>> pad_len = ((offset & (4-1)) == 0 ? 0 : (4 - (offset & (4-1))))
>>
>> But Windows Servers (at least 2003 SP1 and 2008) use this:
>>
>> pad_len = 4 - (offset & (4-1));
>>
>> The difference is the case where the name field is already 4-byte aligned. In that case Windows adds 4 bytes instead of 0 bytes of alignment.
>>
>> See frame 75 in the attached capture (172.31.9.211 is a Windows 2008 server and 172.31.9.1 a modified smbtorture).
>> The name length is 20 and there are 4 extra bytes before the Reserved1 field.
> 
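Added example, not code from the thread, from Samba or from Windows: the two padding rules compared above (the one the MS-WINSRA text implies and the one Windows 2003 SP1 / 2008 was observed to use), plus an encoder and decoder for the Name field that applies either rule and a helper for the observed 255-byte truncation. It assumes the Name field is a 16-byte NetBIOS name, an optional ".scope" suffix and the 0x00 terminator, and that the terminator is searched after the 16 name bytes because the type suffix byte can itself be 0x00; the sample name and scope are constructed.

```python
# Added example (not from the thread). Padding rules for the Name field of an
# MS-WINSRA 2.2.10.1 Name Record. Layout assumed: 16-byte NetBIOS name
# (incl. type suffix), optional ".scope", 0x00 terminator, then Padding.

ALIGN = 4
NB_NAME_LEN = 16          # NetBIOS name including the type suffix byte
MAX_NAME_FIELD = 255      # including the 0x00 terminator, per the spec text

# Constructed sample matching the thread's frame 75: name length 20 incl. NUL
SAMPLE_NAME = b"METZE".ljust(15, b" ") + b"\x20"   # 16 bytes, <20> suffix
SAMPLE_SCOPE = b"AB"


def pad_len_per_spec(name_field_len: int) -> int:
    """What the documentation text implies: 0 bytes when already aligned."""
    rem = name_field_len & (ALIGN - 1)
    return 0 if rem == 0 else ALIGN - rem


def pad_len_per_windows(name_field_len: int) -> int:
    """What Windows 2003 SP1 / 2008 was observed to emit: always 1..4 bytes,
    so an already aligned name gets 4 bytes of padding instead of 0."""
    return ALIGN - (name_field_len & (ALIGN - 1))


def encode_name_field(nb_name: bytes, scope: bytes = b"", windows_rule: bool = True) -> bytes:
    """Name + 0x00 terminator + Padding under the chosen rule."""
    if len(nb_name) != NB_NAME_LEN:
        raise ValueError("NetBIOS name must be exactly 16 bytes")
    field = nb_name + (b"." + scope if scope else b"") + b"\x00"
    if len(field) > MAX_NAME_FIELD:
        raise ValueError("Name field exceeds 255 bytes including terminator")
    rule = pad_len_per_windows if windows_rule else pad_len_per_spec
    return field + b"\x00" * rule(len(field))


def decode_name_field(buf: bytes, windows_rule: bool = True) -> tuple[bytes, int]:
    """Return (name without terminator, offset of the field after Padding).
    The terminator search starts after the 16 name bytes: the type suffix
    (16th byte) may itself be 0x00 and must not be taken as the end."""
    end = buf.index(b"\x00", NB_NAME_LEN)
    field_len = end + 1
    rule = pad_len_per_windows if windows_rule else pad_len_per_spec
    return buf[:end], field_len + rule(field_len)


def windows_stored_name(name_field: bytes) -> bytes:
    """Observed in the thread: a Name field of exactly 255 bytes (incl. the
    terminator) is returned with the last scope character removed (254)."""
    if len(name_field) == MAX_NAME_FIELD:
        return name_field[:-2] + b"\x00"
    return name_field
```

A decoder that follows the spec wording would read the four Windows padding bytes of an aligned name as the start of the next field, which is exactly the frame 75 mismatch.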

