[cifs-protocol] Bug in MS-WINSRA section "2.2.10.1 Name Record"
Edgar Olougouna
edgaro at microsoft.com
Thu Feb 11 16:10:55 MST 2010
Hi Stefan,
We completed our investigation on the Padding issue regarding the name record in MS-WINSRA. The product team confirmed the observed behavior.
As a result, the definition of the Padding field will be updated to reflect the following. The change will appear in a future release of the document.
MS-WINSRA section "2.2.10.1 Name Record".
Current definition:
Padding (variable): If the Name field is not 4-byte aligned, this Padding field will be added to pad to 4-byte alignment. If the Name field itself is 4-byte aligned, then there is no Padding field. This field MUST be ignored upon receipt.
Update similar to:
Padding (variable): If the Name field is not 4-byte aligned, the Padding field is padded to 4-byte alignment. If the Name field itself is 4-byte aligned, then the Padding field is padded with 4 bytes. This field MUST be ignored upon receipt.
Best regards,
Edgar
-----Original Message-----
From: Stefan (metze) Metzmacher [mailto:metze at samba.org]
Sent: Friday, January 29, 2010 8:25 AM
To: Interoperability Documentation Help
Cc: pfif at tridgell.net; cifs-protocol at samba.org
Subject: CAR: Bug in MS-WINSRA section "2.2.10.1 Name Record"
Hi,
I found a bug in MS-WINSRA section "2.2.10.1 Name Record".
It says:
> Padding (variable): If the Name field is not 4-byte aligned, this
> Padding field will be added to pad to 4-byte alignment. If the Name
> field itself is 4-byte aligned, then there is no Padding field. This
> field MUST be ignored upon receipt.
This is wrong!
The documentation would indicate this:
pad_len = ((offset & (4-1)) == 0 ? 0 : (4 - (offset & (4-1))))
But Windows Servers (at least 2003 SP1 and 2008) use this:
pad_len = 4 - (offset & (4-1));
The difference is the case where the name field is already 4-byte aligned. In that case Windows adds 4 bytes instead of 0 bytes of alignment.
See frame 75 in the attached capture (172.31.9.211 is a windows 2008 server and 172.31.9.1 a modified smbtorture).
The name length is 20 and there are 4 extra bytes before the Reserved1 field.
metze
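A worked example of the two padding rules side by side, added here and not part of the mail or of MS-WINSRA itself; the simplified record layout (little-endian name length, Name, Padding, then a 4-byte field standing in for Reserved1) and the sample bytes are assumed and constructed for illustration.

```python
import struct

ALIGN = 4

def documented_pad_len(offset: int) -> int:
    # Padding as the original section text implies: nothing when already aligned.
    rem = offset & (ALIGN - 1)
    return 0 if rem == 0 else ALIGN - rem

def observed_pad_len(offset: int) -> int:
    # Padding as the servers in the capture emit it: always 1..4 bytes,
    # so an already aligned Name is still followed by a full 4-byte pad.
    return ALIGN - (offset & (ALIGN - 1))

def build_name_record(name: bytes, reserved1: int, pad_len_fn=observed_pad_len) -> bytes:
    # Assumed simplified layout (not the full record): 4-byte LE name length,
    # Name, Padding, then a 4-byte field standing in for Reserved1.
    body = struct.pack("<I", len(name)) + name
    body += b"\x00" * pad_len_fn(len(body))      # pad offset = end of Name
    return body + struct.pack("<I", reserved1)

def parse_name_record(buf: bytes, pad_len_fn=observed_pad_len) -> dict:
    # Parse with the chosen padding rule; bounds-check before every fixed read
    # so an oversized name length cannot push the parser past the buffer.
    if len(buf) < 4:
        raise ValueError("truncated name length")
    (name_len,) = struct.unpack_from("<I", buf, 0)
    end_of_name = 4 + name_len
    pad_len = pad_len_fn(end_of_name)
    off = end_of_name + pad_len
    if off + 4 > len(buf):
        raise ValueError("truncated record")
    (reserved1,) = struct.unpack_from("<I", buf, off)
    return {"name": buf[4:end_of_name], "pad_len": pad_len,
            "reserved1": reserved1, "next_offset": off + 4}

if __name__ == "__main__":
    # Constructed 20-byte name, mirroring frame 75 in the mail: the Name ends at
    # offset 24, already aligned, yet the server still inserts 4 pad bytes.
    rec = build_name_record(b"A" * 20, 0xDEADBEEF)
    print(parse_name_record(rec))                      # pad_len 4, Reserved1 correct
    print(parse_name_record(rec, documented_pad_len))  # reads the pad bytes as Reserved1
```

A parser written to the documented rule only diverges on the aligned case; for every other name length both rules yield the same layout, which is why the bug is easy to miss in testing.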