[cifs-protocol] CAR: Bug in MS-WINSRA section "2.2.10.1 Name Record"
Stefan (metze) Metzmacher
metze at samba.org
Fri Jan 29 07:25:15 MST 2010
Hi,
I found a bug in MS-WINSRA section "2.2.10.1 Name Record".
It says:
> Padding (variable): If the Name field is not 4-byte aligned, this
> Padding field will be added to pad to 4-byte alignment. If the Name
> field itself is 4-byte aligned, then there is no Padding
> field. This field MUST be ignored upon receipt.
This is wrong!
The documentation would indicate this:
pad_len = ((offset & (4-1)) == 0 ? 0 : (4 - (offset & (4-1))))
But Windows Servers (at least 2003 SP1 and 2008) use this:
pad_len = 4 - (offset & (4-1));
The difference is the case where the name field is already 4-byte
aligned. In that case Windows adds 4 bytes instead of 0 bytes of alignment.
See frame 75 in the attached capture (172.31.9.211 is a Windows 2008
server and 172.31.9.1 a modified smbtorture).
The name length is 20 and there are 4 extra bytes before the Reserved1
field.
metze
-------------- next part --------------
A non-text attachment was scrubbed...
Name: winsrepl-with-scope-01.pcap
Type: application/cap
Size: 859505 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20100129/bd360ff5/attachment-0001.pcap>
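As an added illustration of the padding discrepancy in the mail above (example code, not Samba's or Microsoft's own implementation), the block below puts both pad_len formulas side by side and parses the head of a Name Record with each rule. The record bytes are constructed for this example, not taken from the attached capture; it also assumes, beyond what the mail states, that NameLen and Reserved1 are 32-bit big-endian fields and that the padding offset is measured from the start of the record. With a 20-byte Name the documented rule reads Reserved1 out of the 4 padding bytes that Windows actually emits, while the observed Windows rule lands on the real field.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Padding length as the MS-WINSRA 2.2.10.1 text describes it: 0 bytes when
 * the offset after the Name field is already 4-byte aligned, otherwise 1..3. */
size_t winsra_pad_len_documented(size_t offset)
{
    return (offset & 3) == 0 ? 0 : 4 - (offset & 3);
}

/* Padding length as observed on the wire from Windows 2003 SP1 and 2008:
 * always 1..4 bytes, so an already aligned Name is followed by 4 pad bytes. */
size_t winsra_pad_len_windows(size_t offset)
{
    return 4 - (offset & 3);
}

struct name_record_head {
    uint32_t name_len;
    char     name[64];   /* Name bytes, NUL-terminated; 64 is an arbitrary cap for this example */
    size_t   pad_len;
    uint32_t reserved1;
    size_t   consumed;   /* bytes of the buffer consumed through Reserved1 */
};

static uint32_t get_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Parse NameLen, Name, Padding and Reserved1 from the start of a Name Record.
 * Assumption (not from the mail): NameLen and Reserved1 are 32-bit big-endian
 * and the padding offset is counted from the start of the record.
 * use_windows_pad selects the padding rule. Returns 0 on success, -1 if the
 * buffer is truncated or the name does not fit the example's fixed cap. */
int parse_name_record_head(const uint8_t *buf, size_t len, int use_windows_pad,
                           struct name_record_head *out)
{
    size_t off = 0;

    if (len < 4) return -1;
    out->name_len = get_be32(buf);
    off += 4;

    if (out->name_len >= sizeof(out->name) || len - off < out->name_len) return -1;
    memcpy(out->name, buf + off, out->name_len);
    out->name[out->name_len] = '\0';
    off += out->name_len;

    out->pad_len = use_windows_pad ? winsra_pad_len_windows(off)
                                   : winsra_pad_len_documented(off);
    if (len - off < out->pad_len + 4) return -1;
    off += out->pad_len;

    out->reserved1 = get_be32(buf + off);
    off += 4;
    out->consumed = off;
    return 0;
}

/* Constructed sample record (not from the attached capture): a 20-byte Name,
 * the 4 padding bytes Windows emits when the Name ends 4-byte aligned, then
 * Reserved1 = 0x11223344. */
static const uint8_t sample_record[] = {
    0x00, 0x00, 0x00, 0x14,                        /* NameLen = 20 */
    'A','B','C','D','E','F','G','H','I','J',
    'K','L','M','N','O','P','Q','R','S','T',       /* Name, 20 bytes */
    0x00, 0x00, 0x00, 0x00,                        /* Padding: 4 bytes (Windows rule) */
    0x11, 0x22, 0x33, 0x44,                        /* Reserved1 */
};

/* Parse the constructed sample with the chosen padding rule. */
int parse_sample(int use_windows_pad, struct name_record_head *out)
{
    return parse_name_record_head(sample_record, sizeof(sample_record),
                                  use_windows_pad, out);
}

int main(void)
{
    struct name_record_head h;
    int rule;

    for (rule = 0; rule <= 1; rule++) {
        if (parse_sample(rule, &h) != 0) {
            printf("%s rule: truncated record\n", rule ? "windows" : "documented");
            continue;
        }
        printf("%s rule: pad_len=%zu reserved1=0x%08x consumed=%zu\n",
               rule ? "windows" : "documented", h.pad_len, h.reserved1, h.consumed);
    }
    return 0;
}
```

A receiver that follows the documented rule consumes 28 bytes of this record and reads Reserved1 as zero; with the Windows rule it consumes 32 bytes and reads 0x11223344, and every later field in the record is shifted accordingly. Either rule agrees for the unaligned offsets 25, 26 and 27, which is why the discrepancy only shows up for names whose length makes the field end on a 4-byte boundary.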