RAP bug: Not truncating names to 12 characters.

Christopher R. Hertel crh at ubiqx.mn.org
Thu Jan 15 06:32:27 GMT 2004


I got an indirect bug report and I've just reproduced it against the 
latest CVS.  Yes, I'll file a report.  In the meantime, here's the deal:

Windows 9x and Me use the old RAP calls.  In particular, they use the 
NetShareEnum() RAP call to retrieve share names.  NetShareEnum() has a 
built-in share name limit of 12 bytes.  If you send a NetShareEnum() 
request to a W2K server that has a share named "verylongsharename" that 
share won't be listed.

What I'm seeing from the latest CVS is that the name "verylongshare" is 
returned and displayed (by W98 in this case).  There are two problems with 
the above name:
  1) It's truncated, so it's not the correct share name and the share 
     cannot be accessed.
  2) It's 13 characters.  That means that we're not terminating the 
     string.  No terminating nul byte!

Testing against W2K I confirmed that it won't return share names longer
than 12 bytes, and the names that are returned are always terminated.

So, somewhere in lanman.c (need to look a little closer) we need to be 
checking the name length and skipping the name if it's longer than 12 
bytes.

Chris -)-----

-- 
"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team -- http://www.samba.org/     -)-----   Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/   -)-----   ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/     -)-----   crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/    -)-----   crh at ubiqx.org
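
The check the message asks for, as an added example that is not part of the original post and is not Samba's lanman.c: names longer than 12 bytes are skipped rather than truncated, and every listed name is nul-terminated. The helper names and the bare 13-byte field (12 bytes plus the terminator) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define RAP_NAME_MAX   12                  /* limit stated in the message */
#define RAP_NAME_FIELD (RAP_NAME_MAX + 1)  /* 12 name bytes plus the terminating nul */

/* Hypothetical helper: copy one share name into a fixed-size field.
 * Returns 1 if the name was written, 0 if the share must be skipped. */
int rap_pack_share_name(char field[RAP_NAME_FIELD], const char *name)
{
    size_t len = strlen(name);

    if (len > RAP_NAME_MAX)
        return 0;   /* skip: a truncated name would not match any real share */

    /* Zero the whole field first so the terminator is always present,
     * including when the name is exactly 12 bytes long. */
    memset(field, 0, RAP_NAME_FIELD);
    memcpy(field, name, len);
    return 1;
}

/* Hypothetical helper: fill out[] with the names that fit.
 * Returns the number of shares actually listed. */
size_t rap_enum_shares(const char *const names[], size_t n,
                       char out[][RAP_NAME_FIELD], size_t out_max)
{
    size_t listed = 0;

    for (size_t i = 0; i < n && listed < out_max; i++) {
        if (rap_pack_share_name(out[listed], names[i]))
            listed++;
    }
    return listed;
}

int main(void)
{
    /* Constructed sample share list. */
    const char *const names[] = { "public", "twelvechars1", "verylongsharename" };
    char out[3][RAP_NAME_FIELD];
    size_t n = rap_enum_shares(names, 3, out, 3);

    for (size_t i = 0; i < n; i++)
        printf("%s\n", out[i]);
    return 0;
}
```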

