RAP bug: Not truncating names to 12 characters.
Christopher R. Hertel
crh at ubiqx.mn.org
Thu Jan 15 06:32:27 GMT 2004
I got an indirect bug report and I've just reproduced it against the
latest CVS. Yes, I'll file a report. In the mean time, here's the deal:
Windows 9x and Me use the old RAP calls. In particular, they use
NetShareEnum() RAP call to retrieve share names. NetShareEnum() has a
built-in share name limit of 12 bytes. If you send a NetShareEnum()
request to a W2K server that has a share named "verylongsharename" that
share won't be listed.
What I'm seeing from the latest CVS is that the name "verylongshare" is
returned and displayed (by W98 in this case). There are two problems with
the above name:
1) It's truncated, so it's not the correct share name and the share
cannot be accessed.
2) It's 13 characters. That means that we're not terminating the
string. No terminating nul byte!
Testing against W2K I confirmed that it won't return share names longer
than 12 bytes, and the names that are returned are always terminated.
So, somewhere in lanman.c (need to look a little closer) we need to be
checking the name length and skipping the name if it's longer than 12
bytes.
Chris -)-----
--
"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team -- http://www.samba.org/ -)----- Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/ -)----- ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/ -)----- crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/ -)----- crh at ubiqx.org
More information about the samba-technical
mailing list