Unicode bugs still with Win2K

Romeril, Alan a.romeril at ic.ac.uk
Tue Jul 17 23:42:44 GMT 2001


Hello All,
	There's still a problem with Windows 2000 sending strings in Unicode
format and the fix that's in at the moment isn't catching it.  It's this
that is creating strangely named files in people's home directories,
especially if an smbd dies unexpectedly.  It's in 2.0.x and 2.2.x.
	Can someone take a look and confirm what I am seeing here, a logon
from Win2k and a start of Internet Explorer is all that's needed.
	I'd like to suggest a little patch along these lines, just to check
for the start of a unicode string and trigger the convert if necessary.

Cheers,
Alan

This is a diff -u to the samba 2.2.1 release version of smbd/nttrans.c

--- nttrans.c           Tue Jul 17 23:34:59 2001
+++ nttrans.c           Tue Jul 17 23:35:51 2001
@@ -301,7 +301,8 @@
    * the end here.
    */

-  if((data_len == 1) || (inbuf[data_offset] == '\0')) {
+      if((data_len - fname_len == 1) || (inbuf[data_offset] == '\0')
+           || ((inbuf[data_offset+1] == '\\') && (inbuf[data_offset+2] ==
'\0'))) {
     /*
      * Ensure that the data offset is aligned
      * on a 2 byte boundary - add one if not.
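Review bot: the new clauses read `inbuf[data_offset+1]` and `inbuf[data_offset+2]` with no check that those offsets lie inside the received parameter block, so a request with a very short or empty name would read past the end of the data; guard the heuristic with a length test (require fname_len >= 2 and data_offset + 2 within the block) before indexing. The first clause also changed from `data_len == 1` to `data_len - fname_len == 1`: the 2.0.7 trace further down shows data_len = 1, fname_len = 80, for which the old test is true and the new one is not (and the subtraction wraps if either variable is unsigned), so the fix would then rest entirely on the `'\\'`, `'\0'` pattern; either say what the subtraction is meant to catch or keep `data_len == 1`. Lastly the added lines are indented by eight spaces where the surrounding code uses two.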


After running this for a couple of days it seems that quite a few files get
missed, mostly these, but there are others.

\IExplorer\AppData\Microsoft\Internet Explorer\UserData\index.dat
\IExplorer\Cookies\index.dat
\IExplorer\History\History.IE5\index.dat



This is one of the incoming SMBs that misses the unicode string detection
(samba 2.0.7):

[2001/07/02 17:04:36, 5] lib/util.c:show_msg(430)
  size=304
  smb_com=0xa0
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=24
  smb_flg2=2055
[2001/07/02 17:04:36, 5] lib/util.c:show_msg(436)
  smb_tid=1
  smb_pid=828
  smb_uid=100
  smb_mid=42115
  smt_wct=19
[2001/07/02 17:04:36, 5] lib/util.c:show_msg(441)
  smb_vwv[0]=0 (0x0)
[2001/07/02 17:04:36, 5] lib/util.c:show_msg(441)
  smb_vwv[1]=34304 (0x8600)
[2001/07/02 17:04:36, 5] lib/util.c:show_msg(441)
  smb_vwv[2]=0 (0x0)
[2001/07/02 17:04:36, 5] lib/util.c:show_msg(441)
  smb_vwv[3]=23552 (0x5C00)
[2001/07/02 17:04:36, 5] lib/util.c:show_msg(441)
  smb_vwv[4]=0 (0x0)
[2001/07/02 17:04:36, 5] lib/util.c:show_msg(441)
  smb_vwv[5]=25856 (0x6500)
[2001/07/02 17:04:36, 5] lib/util.c:show_msg(441)
  smb_vwv[6]=0 (0x0)
[2001/07/02 17:04:36, 5] lib/util.c:show_msg(441)
  smb_vwv[7]=0 (0x0)
[2001/07/02 17:04:36, 5] lib/util.c:show_msg(441)
  smb_vwv[8]=0 (0x0)
[2001/07/02 17:04:36, 5] lib/util.c:show_msg(441)
  smb_vwv[9]=34304 (0x8600)
[2001/07/02 17:04:36, 5] lib/util.c:show_msg(441)
  smb_vwv[10]=0 (0x0)
[2001/07/02 17:04:36, 5] lib/util.c:show_msg(441)
  smb_vwv[11]=19456 (0x4C00)
[2001/07/02 17:04:36, 5] lib/util.c:show_msg(441)
  smb_vwv[12]=0 (0x0)
[2001/07/02 17:04:36, 5] lib/util.c:show_msg(441)
  smb_vwv[13]=23552 (0x5C00)
[2001/07/02 17:04:36, 5] lib/util.c:show_msg(441)
  smb_vwv[14]=0 (0x0)
[2001/07/02 17:04:36, 5] lib/util.c:show_msg(441)
  smb_vwv[15]=54272 (0xD400)
[2001/07/02 17:04:36, 5] lib/util.c:show_msg(441)
  smb_vwv[16]=0 (0x0)
[2001/07/02 17:04:36, 5] lib/util.c:show_msg(441)
  smb_vwv[17]=0 (0x0)
[2001/07/02 17:04:36, 5] lib/util.c:show_msg(441)
  smb_vwv[18]=1 (0x1)
[2001/07/02 17:04:36, 5] lib/util.c:show_msg(446)
  smb_bcc=231
[2001/07/02 17:04:36, 10] lib/util.c:dump_data(2918)
  [000] 40 75 21 10 00 00 00 00  00 00 00 9F 01 12 00 00  @u!..... ........
[2001/07/02 17:04:36, 10] lib/util.c:dump_data(2926)
  [010] 00 00 00 00 00 00 00 00  00 00 00 03 00 00 00 03  ........ ........
[2001/07/02 17:04:36, 10] lib/util.c:dump_data(2926)
  [020] 00 00 00 40 08 00 00 5C  00 00 00 00 00 00 00 50  ... at ...\ .......P
[2001/07/02 17:04:36, 10] lib/util.c:dump_data(2926)
  [030] 00 00 00 02 00 00 00 03  01 5C 00 49 00 45 00 78  ........ .\.I.E.x
[2001/07/02 17:04:36, 10] lib/util.c:dump_data(2926)
  [040] 00 70 00 6C 00 6F 00 72  00 65 00 72 00 5C 00 48  .p.l.o.r .e.r.\.H
[2001/07/02 17:04:36, 10] lib/util.c:dump_data(2926)
  [050] 00 69 00 73 00 74 00 6F  00 72 00 79 00 5C 00 48  .i.s.t.o .r.y.\.H
[2001/07/02 17:04:36, 10] lib/util.c:dump_data(2926)
  [060] 00 69 00 73 00 74 00 6F  00 72 00 79 00 2E 00 49  .i.s.t.o .r.y...I
[2001/07/02 17:04:36, 10] lib/util.c:dump_data(2926)
  [070] 00 45 00 35 00 5C 00 69  00 6E 00 64 00 65 00 78  .E.5.\.i .n.d.e.x
[2001/07/02 17:04:36, 10] lib/util.c:dump_data(2926)
  [080] 00 2E 00 64 00 61 00 74  00 00 00 01 00 04 80 00  ...d.a.t ........
[2001/07/02 17:04:36, 10] lib/util.c:dump_data(2926)
  [090] 00 00 00 00 00 00 00 00  00 00 00 14 00 00 00 02  ........ ........
[2001/07/02 17:04:36, 10] lib/util.c:dump_data(2926)
  [0A0] 00 48 00 03 00 00 00 00  00 14 00 00 00 10 E0 01  .H...... ........
[2001/07/02 17:04:36, 10] lib/util.c:dump_data(2926)
  [0B0] 01 00 00 00 00 00 01 00  00 00 00 00 00 18 00 00  ........ ........
[2001/07/02 17:04:36, 10] lib/util.c:dump_data(2926)
  [0C0] 00 00 10 01 02 00 00 00  00 00 05 20 00 00 00 20  ........ ... ...
[2001/07/02 17:04:36, 10] lib/util.c:dump_data(2926)
  [0D0] 02 00 00 00 00 14 00 00  00 00 10 01 01 00 00 00  ........ ........
[2001/07/02 17:04:36, 10] lib/util.c:dump_data(2926)
  [0E0] 00 00 05 12 00 00 00                              .......
[2001/07/02 17:04:36, 3] smbd/process.c:switch_message(448)
  switch message SMBnttrans (pid 15359)
[2001/07/02 17:04:36, 4] smbd/uid.c:become_user(186)
  Skipping become_user - already user
[2001/07/02 17:04:36, 10] smbd/nttrans.c:reply_nttrans(2609)
  reply_nttrans: parameter_count = 134
[2001/07/02 17:04:36, 10] lib/util.c:dump_data(2918)
  [000] 10 00 00 00 00 00 00 00  9F 01 12 00 00 00 00 00  ........ ........
[2001/07/02 17:04:36, 10] lib/util.c:dump_data(2926)
  [010] 00 00 00 00 00 00 00 00  03 00 00 00 03 00 00 00  ........ ........
[2001/07/02 17:04:36, 10] lib/util.c:dump_data(2926)
  [020] 40 08 00 00 5C 00 00 00  00 00 00 00 50 00 00 00  @...\... ....P...
[2001/07/02 17:04:36, 10] lib/util.c:dump_data(2926)
  [030] 02 00 00 00 03 01 5C 00  49 00 45 00 78 00 70 00  ......\. I.E.x.p.
[2001/07/02 17:04:36, 10] lib/util.c:dump_data(2926)
  [040] 6C 00 6F 00 72 00 65 00  72 00 5C 00 48 00 69 00  l.o.r.e. r.\.H.i.
[2001/07/02 17:04:36, 10] lib/util.c:dump_data(2926)
  [050] 73 00 74 00 6F 00 72 00  79 00 5C 00 48 00 69 00  s.t.o.r. y.\.H.i.
[2001/07/02 17:04:36, 10] lib/util.c:dump_data(2926)
  [060] 73 00 74 00 6F 00 72 00  79 00 2E 00 49 00 45 00  s.t.o.r. y...I.E.
[2001/07/02 17:04:36, 10] lib/util.c:dump_data(2926)
  [070] 35 00 5C 00 69 00 6E 00  64 00 65 00 78 00 2E 00  5.\.i.n. d.e.x...
[2001/07/02 17:04:36, 10] lib/util.c:dump_data(2926)
  [080] 64 00 61 00 74 00                                 d.a.t.
[2001/07/02 17:04:36, 10] smbd/nttrans.c:reply_nttrans(2614)
  reply_nttrans: data_count = 92
[2001/07/02 17:04:36, 10] lib/util.c:dump_data(2918)
  [000] 01 00 04 80 00 00 00 00  00 00 00 00 00 00 00 00  ........ ........
[2001/07/02 17:04:36, 10] lib/util.c:dump_data(2926)
  [010] 14 00 00 00 02 00 48 00  03 00 00 00 00 00 14 00  ......H. ........
[2001/07/02 17:04:36, 10] lib/util.c:dump_data(2926)
  [020] 00 00 10 E0 01 01 00 00  00 00 00 01 00 00 00 00  ........ ........
[2001/07/02 17:04:36, 10] lib/util.c:dump_data(2926)
  [030] 00 00 18 00 00 00 00 10  01 02 00 00 00 00 00 05  ........ ........
[2001/07/02 17:04:36, 10] lib/util.c:dump_data(2926)
  [040] 20 00 00 00 20 02 00 00  00 00 14 00 00 00 00 10   ... ... ........
[2001/07/02 17:04:36, 10] lib/util.c:dump_data(2926)
  [050] 01 01 00 00 00 00 00 05  12 00 00 00              ........ ....
[2001/07/02 17:04:37, 5] smbd/nttrans.c:call_nt_transact_create(1010)
  call_nt_transact_create
[2001/07/02 17:04:37, 10] smbd/nttrans.c:map_create_disposition(386)
  map_create_disposition: Mapped create_disposition 3 to 11
[2001/07/02 17:04:37, 10] smbd/nttrans.c:get_filename_transact(285)
  get_filename_transact: data_offset = 53, data_len = 1, fname_len = 80
[2001/07/02 17:04:37, 10] smbd/nttrans.c:map_share_mode(491)
  map_share_mode: Mapped desired access 12019f, share access 3, file
attributes 0 to open_mode 42
[2001/07/02 17:04:37, 5] smbd/filename.c:unix_convert(329)
  unix_convert called on file "^A\"
[2001/07/02 17:04:37, 3] lib/util.c:unix_clean_name(522)
  unix_clean_name [^A/]
[2001/07/02 17:04:37, 5] smbd/filename.c:stat_cache_add(216)
  stat_cache_add: Added entry ^A -> ^A
[2001/07/02 17:04:37, 5] smbd/filename.c:unix_convert(429)
  conversion finished ^A -> ^A
[2001/07/02 17:04:37, 5] smbd/files.c:file_new(105)
  allocated file structure 119, fnum = 4215 (2 used)
[2001/07/02 17:04:37, 8] lib/util.c:is_in_path(2430)
  is_in_path: ^A
[2001/07/02 17:04:37, 8] lib/util.c:is_in_path(2435)
  is_in_path: no name list.
[2001/07/02 17:04:37, 3] lib/util.c:unix_clean_name(522)
  unix_clean_name [^A]
[2001/07/02 17:04:37, 10] smbd/open.c:open_file_shared(830)
  open_file_shared: fname = ^A, share_mode = 42, ofun = 11, mode = 700,
oplock request = 0
[2001/07/02 17:04:37, 8] lib/util.c:is_in_path(2430)
  is_in_path: ^A
[2001/07/02 17:04:37, 8] lib/util.c:is_in_path(2435)
  is_in_path: no name list.
[2001/07/02 17:04:38, 3] lib/util.c:unix_clean_name(522)
  unix_clean_name [^A]
[2001/07/02 17:04:38, 8] smbd/dosmode.c:dos_mode(123)
  dos_mode: ^A
[2001/07/02 17:04:38, 8] lib/util.c:is_in_path(2430)
  is_in_path: ^A
[2001/07/02 17:04:38, 8] lib/util.c:is_in_path(2435)
  is_in_path: no name list.
[2001/07/02 17:04:38, 8] smbd/dosmode.c:dos_mode(167)
  dos_mode returning a
[2001/07/02 17:04:38, 5] locking/locking_shm.c:shm_get_share_modes(144)
  get_share_modes no entry for file dev = 800086 ino = 411782
[2001/07/02 17:04:38, 4] smbd/open.c:open_file_shared(1025)
  calling open_file with flags=0x2 flags2=0x100 mode=0700
[2001/07/02 17:04:38, 5] smbd/files.c:fd_get_new(173)
  allocated fd_ptr structure (1 used)
[2001/07/02 17:04:38, 2] smbd/open.c:open_file(602)
  ar12 opened file ^A read=Yes write=Yes (numopen=2)
[2001/07/02 17:04:38, 6] locking/shmem_sysv.c:shm_alloc(253)
  shm_alloc : allocated 67 bytes at offset 7000
[2001/07/02 17:04:38, 3] locking/locking_shm.c:shm_set_share_mode(456)
  set_share_mode: Created share record for ^A (dev 800086 inode 411782)
[2001/07/02 17:04:38, 6] locking/shmem_sysv.c:shm_alloc(253)
  shm_alloc : allocated 24 bytes at offset 208
[2001/07/02 17:04:38, 3] locking/locking_shm.c:shm_set_share_mode(495)
  set_share_mode: Created share entry for ^A with mode 0x42 pid=15359
[2001/07/02 17:04:39, 8] smbd/dosmode.c:dos_mode(123)
  dos_mode: ^A
[2001/07/02 17:04:39, 8] lib/util.c:is_in_path(2430)
  is_in_path: ^A
[2001/07/02 17:04:39, 8] lib/util.c:is_in_path(2435)
  is_in_path: no name list.
[2001/07/02 17:04:39, 8] smbd/dosmode.c:dos_mode(167)
  dos_mode returning a
[2001/07/02 17:04:39, 5] smbd/nttrans.c:call_nt_transact_create(1341)
  call_nt_transact_create: open name = ^A
[2001/07/02 17:04:40, 9] smbd/nttrans.c:send_nt_replies(214)
  nt_rep: params_sent_thistime = 69, data_sent_thistime = 0, useable_space =
65457
[2001/07/02 17:04:40, 9] smbd/nttrans.c:send_nt_replies(216)
  nt_rep: params_to_send = 69, data_to_send = 0, paramsize = 69, datasize =
0
[2001/07/02 17:04:40, 6] lib/util_sock.c:write_socket(560)
  write_socket(5,147)
[2001/07/02 17:04:40, 6] lib/util_sock.c:write_socket(563)
  write_socket(5,147) wrote 147
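As an added example, not Alan's patch and not Samba's own code, here is a bounds-checked version of the same heuristic in C: it recognises a UTF-16LE name that starts at data_offset as well as the shape in the trace above, where data_offset points at a stray 0x01 and the name begins one byte later, narrows it to ASCII, and refuses anything that does not fit the buffer. Function names and the sample builder are my own; the sample reproduces the trace's parameter tail (0x03, 0x01, then the path in UTF-16LE with no terminator) and is constructed, not captured. Note that smb_flg2=2055 (0x0807) in the trace has the 0x8000 Unicode-strings bit clear, which is why the normal Unicode path never fires for this request.

```c
#include <stddef.h>
#include <string.h>

/* Detect and narrow a UTF-16LE name in an NT-transact CREATE parameter block
 * whose FLAGS2 did not announce Unicode.  Handles a plain name ("\\\0I\0...")
 * and the Win2K shape from the trace, one stray byte then the name
 * ("\x01\\\0I\0...").  Every index is checked against buf_len before use.
 * Returns the narrowed length, 0 if the name is not UTF-16LE, -1 if malformed. */
int narrow_nt_name(const unsigned char *buf, size_t buf_len, size_t off,
                   size_t fname_len, char *out, size_t out_len)
{
    size_t start, i, n = 0;
    if (fname_len < 2 || off >= buf_len || buf_len - off < 3 || out_len == 0)
        return -1;
    if (buf[off] == '\\' && buf[off + 1] == '\0')
        start = off;                      /* name begins where it should */
    else if (buf[off + 1] == '\\' && buf[off + 2] == '\0')
        start = off + 1;                  /* one stray byte, as in the trace */
    else
        return 0;                         /* leave it to the ASCII path */
    if (fname_len > buf_len - start)      /* the name must fit in the buffer */
        return -1;
    for (i = 0; i + 1 < fname_len; i += 2) {
        unsigned char lo = buf[start + i], hi = buf[start + i + 1];
        if (lo == 0 && hi == 0)
            break;                        /* embedded terminator */
        if (hi != 0 || lo < 0x20 || lo > 0x7e || n + 1 >= out_len)
            return -1;                    /* not ASCII-range UTF-16LE, or no room */
        out[n++] = (char)lo;
    }
    out[n] = '\0';
    return (int)n;
}

/* Constructed sample shaped like the trace's parameter tail (0x03, the stray
 * 0x01, then `name` in UTF-16LE, no terminator), fed through narrow_nt_name
 * with off pointing at the stray byte, as data_offset did in the trace. */
int run_trace_shape(const char *name, char *out, size_t out_len)
{
    unsigned char params[256];
    size_t i, n = 0;
    if (2 + 2 * strlen(name) > sizeof params)
        return -1;
    params[n++] = 0x03; params[n++] = 0x01;   /* 03 01 5C 00 49 00 ... */
    for (i = 0; name[i] != '\0'; i++) {
        params[n++] = (unsigned char)name[i];
        params[n++] = 0x00;
    }
    return narrow_nt_name(params, n, 1, n - 2, out, out_len);
}
```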