[jcifs] SmbFile.getDiskFreeSpace bug

Thomas Krammer tkrammer at nxn-software.com
Wed Jan 26 19:57:46 GMT 2005 

Sorry, but I don't have access to that server. It's the server of a 
customer and they probably wouldn't allow me to install a package 
capturing tool on one of their machines.

I did a package capture of my Windows XP machine querying one of our 
servers with 1.1 TB (1226109587456 bytes) of free disk space. But JCIFS 
reports the correct free space on this server. So these captures might 
be useless.

These seem to be the relevant packages:

No.     Time        Source                Destination           Protocol 
Info
     58 0.039831    172.40.1.151          172.40.1.37           SMB      
Trans2 Request, QUERY_FS_INFO, Query Full FS Size Info

Frame 58 (128 bytes on wire, 128 bytes captured)
Ethernet II, Src: 00:07:e9:47:7d:6b, Dst: 00:30:48:52:7f:94
Internet Protocol, Src Addr: 172.40.1.151 (172.40.1.151), Dst Addr: 
172.40.1.37 (172.40.1.37)
Transmission Control Protocol, Src Port: 4884 (4884), Dst Port: 
microsoft-ds (445), Seq: 1904, Ack: 2013, Len: 74
NetBIOS Session Service
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        Response in: 59
        SMB Command: Trans2 (0x32)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x18
        Flags2: 0xc807
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 2051
        Process ID: 2664
        User ID: 2051
        Multiplex ID: 14658
    Trans2 Request (0x32)
        Word Count (WCT): 15
        Total Parameter Count: 2
        Total Data Count: 0
        Max Parameter Count: 0
        Max Data Count: 560
        Max Setup Count: 0
        Reserved: 00
        Flags: 0x0000
        Timeout: Return immediately (0)
        Reserved: 0000
        Parameter Count: 2
        Parameter Offset: 68
        Data Count: 0
        Data Offset: 0
        Setup Count: 1
        Reserved: 00
        Subcommand: QUERY_FS_INFO (0x0003)
        Byte Count (BCC): 5
        Padding: 000000
        QUERY_FS_INFO Parameters
            Level of Interest: Query Full FS Size Info (0x03ef)

0000  00 30 48 52 7f 94 00 07 e9 47 7d 6b 08 00 45 00   .0HR.....G}k..E.
0010  00 72 ba af 40 00 80 06 e4 c9 ac 28 01 97 ac 28   .r.. at ......(...(
0020  01 25 13 14 01 bd 29 30 74 6c 0b d7 af 8d 50 18   .%....)0tl....P.
0030  fe 4d b0 c0 00 00 00 00 00 46 ff 53 4d 42 32 00   .M.......F.SMB2.
0040  00 00 00 18 07 c8 00 00 00 00 00 00 00 00 00 00   ................
0050  00 00 03 08 68 0a 03 08 42 39 0f 02 00 00 00 00   ....h...B9......
0060  00 30 02 00 00 00 00 00 00 00 00 00 00 02 00 44   .0.............D
0070  00 00 00 00 00 01 00 03 00 05 00 00 00 00 ef 03   ................

No.     Time        Source                Destination           Protocol 
Info
     59 0.040089    172.40.1.37           172.40.1.151          SMB      
Trans2 Response, QUERY_FS_INFO

Frame 59 (146 bytes on wire, 146 bytes captured)
Ethernet II, Src: 00:30:48:52:7f:94, Dst: 00:07:e9:47:7d:6b
Internet Protocol, Src Addr: 172.40.1.37 (172.40.1.37), Dst Addr: 
172.40.1.151 (172.40.1.151)
Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 
4884 (4884), Seq: 2013, Ack: 1978, Len: 92
NetBIOS Session Service
SMB (Server Message Block Protocol)
    SMB Header
        Server Component: SMB
        Response to: 58
        Time from request: 0.000258000 seconds
        SMB Command: Trans2 (0x32)
        NT Status: STATUS_SUCCESS (0x00000000)
        Flags: 0x98
        Flags2: 0xc807
        Process ID High: 0
        Signature: 0000000000000000
        Reserved: 0000
        Tree ID: 2051
        Process ID: 2664
        User ID: 2051
        Multiplex ID: 14658
    Trans2 Response (0x32)
        Subcommand: QUERY_FS_INFO (0x0003)
        Word Count (WCT): 10
        Total Parameter Count: 0
        Total Data Count: 32
        Reserved: 0000
        Parameter Count: 0
        Parameter Offset: 56
        Parameter Displacement: 0
        Data Count: 32
        Data Offset: 56
        Data Displacement: 0
        Setup Count: 0
        Reserved: 00
        Byte Count (BCC): 33
        Padding: 00
        QUERY_FS_INFO Data
            Allocation Size: 299343161
            Caller Free Units: 299316575
            Actual Free Units: 299316575
            Sectors/Unit: 8
            Bytes per Sector: 512

0000  00 07 e9 47 7d 6b 00 30 48 52 7f 94 08 00 45 00   ...G}k.0HR....E.
0010  00 84 ec 65 40 00 80 06 b3 01 ac 28 01 25 ac 28   ...e at ......(.%.(
0020  01 97 01 bd 13 14 0b d7 af 8d 29 30 74 b6 50 18   ..........)0t.P.
0030  3f 72 df 22 00 00 00 00 00 58 ff 53 4d 42 32 00   ?r.".....X.SMB2.
0040  00 00 00 98 07 c8 00 00 00 00 00 00 00 00 00 00   ................
0050  00 00 03 08 68 0a 03 08 42 39 0a 00 00 20 00 00   ....h...B9... ..
0060  00 00 00 38 00 00 00 20 00 38 00 00 00 00 00 21   ...8... .8.....!
0070  00 00 39 9d d7 11 00 00 00 00 5f 35 d7 11 00 00   ..9......._5....
0080  00 00 5f 35 d7 11 00 00 00 00 08 00 00 00 00 02   .._5............
0090  00 00                                             ..


If you need more information please contact me.


  Thomas

>On Wed, 26 Jan 2005 14:41:20 +0100
>Thomas Krammer <tkrammer at nxn-software.com> wrote:
>
>  
>
>>Hi,
>>
>>SmbFile.getDiskFreeSpace() returns a negative value on a share with 2.8 
>>TB of free disk space (310885233664 bytes to be exact...)
>>
>>It seems from the code that the free disk space is transfered as a 32 
>>bit integer (number of free blocks) and a 16 bit integer (block size). I 
>>guess the 32 bit integer overflows and the result becomes negative.
>>
>>I'm using JCIFS 0.7.3 but the code to determine the free disk space 
>>hasn't changed between 0.7.3 and 1.1.7. So I think this bug is also 
>>present in JCIFS 1.1.7.
>>    
>>
>
>Can you get a capture of Windows 2000 / XP querying the value
>successfully? We need that to emulate this call properly.
>
>Mike
>
>[1] http://jcifs.samba.org/capture.html
>
>  
>

More information about the jcifs mailing list