[cifs-protocol] dNSProperty parsing of DSPROPERTY_ZONE_NS_SERVERS_DA in particular

Andrew Bartlett abartlet at samba.org
Sun Apr 5 23:43:32 UTC 2020

G'Day Dochelp,

I'm hoping for a little help with interoperability here.  The situation
is a Samba AD Domain that has also had a Windows AD DC in it, so some
records were not created by Samba, like this record in the DNS

In the 


record, there is an attribute:


000000 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00  >................<
000010 92 00 00 00 00 00 00 00                          >........<

We, until Samba 4.12, would parse this as:

pull returned Success
    dnsp_DnsProperty: struct dnsp_DnsProperty
        wDataLength              : 0x00000000 (0)
        namelength               : 0x00000000 (0)
        flag                     : 0x00000000 (0)
        version                  : 0x00000001 (1)
        id                       : DSPROPERTY_ZONE_NS_SERVERS_DA (146)
        data                     : union dnsPropertyData(case 0)
        name                     : 0x00000000 (0)
dump OK

However, the wDataLength is 0.  There is not anything in [MS-DNSP]
dnsProperty to describe any special behaviour for when the id suggests
that there is a value, but wDataLength is 0.


We now fail to parse it, because we expect an entry with id DSPROPERTY_ZONE_NS_SERVERS_DA
to therefore have a valid DNS_ADDR_ARRAY (section 

As context (mostly for my fellow team members), we changed it in our commit 
because of bug https://bugzilla.samba.org/show_bug.cgi?id=14206
which was due to the artificial environment of the fuzzer.

Can you clarify how this should be interpreted, so we can fix this properly?


Andrew Bartlett

Andrew Bartlett                       https://samba.org/~abartlet/
Authentication Developer, Samba Team  https://samba.org
Samba Developer, Catalyst IT          
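
An added example (not part of the original message, and not Samba's code): a bounds-checked decoder for the 24-byte blob in the hex dump above, using the field order shown in the ndrdump output. Treating a zero wDataLength as "no value present" is an assumption of this example, not something the message or [MS-DNSP] states.

```python
import struct
from dataclasses import dataclass

# Field order follows the ndrdump output in the message: five little-endian
# uint32 header fields, then wDataLength bytes of data, then a uint32 name.
HEADER = struct.Struct("<5I")
TRAILER = struct.Struct("<I")

# The 24 bytes from the hex dump in the message.
SAMPLE = bytes.fromhex("00000000 00000000 00000000 01000000 92000000 00000000")

@dataclass
class DnsProperty:
    data_length: int
    name_length: int
    flag: int
    version: int
    prop_id: int
    data: bytes
    name: int

    @property
    def has_value(self) -> bool:
        # Assumption of this example: a zero wDataLength means the property
        # carries no value, so the caller must not decode `data` by id.
        return self.data_length != 0

def parse_dns_property(blob: bytes) -> DnsProperty:
    if len(blob) < HEADER.size + TRAILER.size:
        raise ValueError("blob shorter than the fixed dnsProperty fields")
    data_length, name_length, flag, version, prop_id = HEADER.unpack_from(blob, 0)
    end = HEADER.size + data_length
    # Reject a length that would read past the buffer (untrusted input).
    if end + TRAILER.size > len(blob):
        raise ValueError("wDataLength runs past the end of the blob")
    data = blob[HEADER.size:end]
    (name,) = TRAILER.unpack_from(blob, end)
    return DnsProperty(data_length, name_length, flag, version, prop_id, data, name)

if __name__ == "__main__":
    prop = parse_dns_property(SAMPLE)
    print(f"id={prop.prop_id} version={prop.version} has_value={prop.has_value}")
```

Keeping the length check separate from the per-id decoding lets a caller skip an empty property without relaxing the bounds check on non-empty ones.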
