NTCreateAndX Response with wrong WordCount.

[Christopher R. Hertel]

On Sun, Aug 01, 2004 at 04:25:06AM -0400, Michael B Allen wrote:
> On Sun, 1 Aug 2004 02:58:08 -0500
> "Christopher R. Hertel" <crh at ubiqx.mn.org> wrote:
> > > The docs (SNIA and Leach v2) are incorrect. If you simply add up the
> > > sizes of fields in the packet description it's 34 [words]. That 26 is
> > > just wrong.
> > 
> > Good point.
> > 
> > Yeah, I just grabbed a capture against NT4 and it does have 34 bytes, and 
> 
> Actually it's 34 words / 68 bytes.

Yes.  That's a typo on my part.  s/bytes/words

> > > As you pointed out above I think it's interesting that (34 - 26) * 2 is
> > > 16 which is how big that garbage trailer is in W2K and XP NT_CREATE_ANDX
> > > responses.
> > 
> > Actually, there's 32 bytes worth of garbage in the captures I've got.  
> > That is, following the ByteCount field (which is correctly zero) I always 
> > see 32 bytes of semi-random stuff that shouldn't be there.
> 
> 16 bytes.
> 
> > So... It's wrong by 16 words.
> 
> Still multiplying by 2. It's really 8 words / 16 bytes.

No, I'm counting it up.  In my captures I am seeing 32 bytes of extra
garbage beyond the ByteCount field.  That's what I'm seeing in a handful
of different captures.

> > > It's as if the MS developers were reviewing the code for the
> > > next generation CIFS implementation and said "Ahh, according to the docs
> > > this packet is 16 bytes too small, let's make it bigger!"
> > 
> > Yeah.  Maybe.  Sure seems they messed something up.
> 
> As we've so gracefully demonstrated ourselves :-)

One typo.  Only one.  :)

Chirdz -)-----

-- 
"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team -- http://www.samba.org/     -)-----   Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/   -)-----   ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/     -)-----   crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/    -)-----   crh at ubiqx.org