NTCreateAndX Response with wrong WordCount.

Michael B Allen mba2000 at ioplex.com
Sun Aug 1 08:25:06 GMT 2004


On Sun, 1 Aug 2004 02:58:08 -0500
"Christopher R. Hertel" <crh at ubiqx.mn.org> wrote:
> > The docs (SNIA and Leach v2) are incorrect. If you simply add up the
> > sizes of fields in the packet description it's 34 [words]. That 26 is
> > just wrong.
> 
> Good point.
> 
> Yeah, I just grabbed a capture against NT4 and it does have 34 bytes, and 

Actually it's 34 words / 68 bytes.

> > As you pointed out above I think it's interesting that (34 - 26) * 2 is
> > 16 which is how big that garbage trailer is in W2K and XP NT_CREATE_ANDX
> > responses.
> 
> Actually, there's 32 bytes worth of garbage in the captures I've got.  
> That is, following the ByteCount field (which is correctly zero) I always 
> see 32 bytes of semi-random stuff that shouldn't be there.

16 bytes.

> So... It's wrong by 16 words.

Still multiplying by 2. It's really 8 words / 16 bytes.

> > It's as if the MS developers were reviewing the code for the
> > next generation CIFS implementation and said "Ahh, according to the docs
> > this packet is 16 bytes too small, let's make it bigger!"
> 
> Yeah.  Maybe.  Sure seems they messed something up.

As we've so gracefully demonstrated ourselves :-)

Mike

-- 
Greedo shoots first? Not in my Star Wars.
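
The word/byte arithmetic from the thread above, as an added example (not part of the original message or of Samba's code): a length check that walks WordCount, the parameter words and ByteCount, then reports bytes that neither field accounts for. The sample message is constructed, `check_smb1_lengths` and `build_sample` are hypothetical names, and the check assumes no chained AndX command follows the first block.

```python
import struct

SMB1_HEADER_LEN = 32          # fixed SMB1 header, starts with b"\xffSMB"
DOC_WORDCOUNT = 26            # value the thread says the docs give
OBSERVED_WORDCOUNT = 34       # value the thread says the fields add up to

def check_smb1_lengths(msg: bytes) -> dict:
    """Walk WordCount -> parameter words -> ByteCount -> data and report
    any bytes in the message that neither count field accounts for."""
    if len(msg) < SMB1_HEADER_LEN + 3 or msg[:4] != b"\xffSMB":
        raise ValueError("not a complete SMB1 message")
    word_count = msg[SMB1_HEADER_LEN]
    params_end = SMB1_HEADER_LEN + 1 + 2 * word_count   # words are 2 bytes each
    if params_end + 2 > len(msg):
        raise ValueError("WordCount runs past the end of the message")
    (byte_count,) = struct.unpack_from("<H", msg, params_end)
    data_end = params_end + 2 + byte_count
    if data_end > len(msg):
        raise ValueError("ByteCount runs past the end of the message")
    return {
        "word_count": word_count,
        "param_bytes": 2 * word_count,
        "byte_count": byte_count,
        "trailing_bytes": len(msg) - data_end,   # bytes after the declared data
    }

def build_sample(word_count: int, trailer: bytes) -> bytes:
    """Constructed test message: zeroed header and parameters, ByteCount 0."""
    header = b"\xffSMB" + bytes(SMB1_HEADER_LEN - 4)
    return (header + bytes([word_count]) + bytes(2 * word_count)
            + struct.pack("<H", 0) + trailer)

if __name__ == "__main__":
    # Constructed sample: 34 parameter words, ByteCount 0, 16 filler bytes after it.
    sample = build_sample(OBSERVED_WORDCOUNT, trailer=bytes(range(16)))
    print(check_smb1_lengths(sample))
    print((OBSERVED_WORDCOUNT - DOC_WORDCOUNT) * 2, "bytes between 26 and 34 words")
```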

