NTCreateAndX Response with wrong WordCount.

[Christopher R. Hertel]

On Sun, Aug 01, 2004 at 02:10:00AM -0400, Michael B Allen wrote:
> On Sun, 1 Aug 2004 00:05:10 -0500
> "Christopher R. Hertel" <crh at ubiqx.mn.org> wrote:
> > > I see W2K and XP have a WordCount of 42 whereas NT is 34.
> > 
> > Okay, that's weird.
> > 
> > 26 + 8 = 34
> > 34 + 8 = 42
> > 
> > ...and 26 is the "correct" number of bytes (per the SNIA doc).
> 
> The docs (SNIA and Leach v2) are incorrect. If you simply add up the sizes
> of fields in the packet description it's 34 bytes. That 26 is just wrong.

Good point.

Yeah, I just grabbed a capture against NT4 and it does have 34 bytes, and 
it adds up properly, and the ByteCount is zero, and there's no garbage 
after it.

So you're right, and NT is right, and the SNIA doc is wrong, and W2K is 
way wrong.

> As you pointed out above I think it's interesting that (34 - 26) * 2 is
> 16 which is how big that garbage trailer is in W2K and XP NT_CREATE_ANDX
> responses.

Actually, there's 32 bytes worth of garbage in the captures I've got.  
That is, following the ByteCount field (which is correctly zero) I always 
see 32 bytes of semi-random stuff that shouldn't be there.

So... It's wrong by 16 words.

That doesn't quite add up.

> It's as if the MS developers were reviewing the code for the
> next generation CIFS implementation and said "Ahh, according to the docs
> this packet is 16 bytes too small, let's make it bigger!"

Yeah.  Maybe.  Sure seems they messed something up.

Chris -)-----

> Greedo shoots first? Not in my Star Wars.
I gave up after the second movie (yes, back whenever that was).

-- 
"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team -- http://www.samba.org/     -)-----   Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/   -)-----   ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/     -)-----   crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/    -)-----   crh at ubiqx.org