NTCreateAndX Response with wrong WordCount.
Christopher R. Hertel
crh at ubiqx.mn.org
Sun Aug 1 05:05:10 GMT 2004
On Sat, Jul 31, 2004 at 11:45:46PM -0400, Michael B Allen wrote:
> On Sat, 31 Jul 2004 21:06:10 -0500
> "Christopher R. Hertel" <crh at ubiqx.mn.org> wrote:
>
> > Is it common to see an NTCreateAndX Response with an incorrect WordCount?
> >
> > I'm seeing a WordCount of 42 (that's 84 bytes). The SNIA doc says it
> > should be 26 (unless EAs or SDs are included...but I'm not seeing those).
> >
> > The data beyond the normal 52 byte mark *looks* like garbage--some of it
> > left over from the request message.
> >
> > So, just wondering...
>
> Yeah, that is odd. I never really took notice before. Maybe because I
> depend so much on Ethereal which doesn't decode it.
Ethereal seems to be using the format given in the SNIA doc, and in the
capture I'm looking at, the decode looks correct.
> I see W2K and XP have a WordCount of 42 whereas NT is 34.
Okay, that's weird.
26 + 8 = 34
34 + 8 = 42
...and 26 is the "correct" number of bytes (per the SNIA doc).
Is this with EA's or Security Descriptors? The supposed-correct value of
26 is for the no-frills version of the reply.
> Indeed that extra 16 bytes is
> the beginning of the filename in Unicode from the 6th index to the end. I
> suppose that could be from the request. The offset's are even very close
> (only off by 2 bytes). That means they reuse the same buffer.
My guess as well.
Chris -)-----
--
"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team -- http://www.samba.org/ -)----- Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/ -)----- ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/ -)----- crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/ -)----- crh at ubiqx.org
More information about the samba-technical
mailing list