Length limitation for the string returned from
samba_version_string() in reply_sesssetup_and_X()?
Tim Prouty
tim.prouty at isilon.com
Wed Mar 14 00:25:56 GMT 2007
Hi,
I am working with the samba 3.0.24 code base.
I have run into a problem when setting SAMBA_VERSION_VENDOR_SUFFIX to
a string that is long enough to max out the size of the samba_version
fstring in samba_version_string(). When running "net use X:
\\server_name\share" on a Windows XP client, a Session Setup AndX
chained with a Tree Connect AndX request is sent from the client. In
reply_sesssetup_and_X(), samba_version_string() is appended to the
outbuf when calling add_signature(), which populates the Native LAN
Manager field in the reply. Having this large outbuf causes a
problem when chain_reply() is called because chain_reply() subtracts
the size of the outbuf from the size of the inbuf and ends up passing
in a negative size to switch_message(). switch_message() then fails
in the first conditional and kills the process.
It seems to me that the length of the version string should be able
to be the full length of an fstring. Is there some invariant that
I'm not seeing? If so, is this something that may be able to be
caught earlier and produce a more revealing error message? I'm kind
of new to the CIFS protocol, so it's certainly possible I'm missing
something very simple.
Thanks!
-Tim
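A constructed model of the size bookkeeping the post describes, added here as an example; it is not Samba's code and does not reproduce the real chain_reply()/switch_message() layout. The buffer sizes, the 180-byte request, the field strings and every model_* name are assumptions chosen so the failure is visible: the first reply grows with the version string, the room left for the chained command is the request size minus what the first reply used, and a suffix long enough to fill the fstring pushes that figure negative. The model_switch_message() check is the kind of early guard the post asks for.

```c
/* Added example, not Samba code: a model of the AndX chaining arithmetic.
 * Sizes, strings and model_* names are assumptions made for illustration. */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define FSTRING_LEN 256          /* sizeof(fstring) in Samba */
#define MODEL_BUFSIZE 1024       /* constructed: capacity of the model outbuf */
#define MODEL_FIXED_REPLY 64     /* constructed: bytes before the signature strings */
#define MODEL_XP_REQUEST 180     /* constructed: size of the chained XP request */

static const char MODEL_NATIVE_OS[] = "Unix";       /* constructed field value */
static const char MODEL_DOMAIN[] = "WORKGROUP";     /* constructed field value */

/* Model of samba_version_string(): base version plus vendor suffix, bounded
 * to an fstring the way the bounded fstr* helpers are (silently truncated). */
static void model_version_string(char *dst, const char *vendor_suffix)
{
    snprintf(dst, FSTRING_LEN, "Samba 3.0.24%s", vendor_suffix);
}

/* Model of add_signature(): append native OS, native LAN manager (the
 * version string) and primary domain as NUL-terminated strings.
 * Returns the new used length, or 0 if the strings do not fit. */
static size_t model_add_signature(char *outbuf, size_t used, size_t cap,
                                  const char *version)
{
    const char *fields[3] = { MODEL_NATIVE_OS, version, MODEL_DOMAIN };
    for (int i = 0; i < 3; i++) {
        size_t n = strlen(fields[i]) + 1;   /* include the terminating NUL */
        if (n > cap - used)
            return 0;
        memcpy(outbuf + used, fields[i], n);
        used += n;
    }
    return used;
}

/* The early check a practitioner would want before dispatching the chained
 * command: refuse a negative size with a message that names the cause
 * instead of letting the next handler reject the packet and exit. */
static int model_switch_message(long size, char *err, size_t errlen)
{
    if (size < 0) {
        snprintf(err, errlen,
                 "chained command left with %ld bytes: first reply "
                 "(version string up to %d bytes) overran the request size",
                 size, FSTRING_LEN);
        return -1;
    }
    err[0] = '\0';
    return 0;
}

/* Run the model with a vendor suffix of suffix_len 'X' characters.
 * Returns the budget handed to the chained command (request size minus
 * bytes the first reply consumed); err receives the diagnostic, or "". */
static long model_run_chain(size_t suffix_len, char *err, size_t errlen)
{
    char outbuf[MODEL_BUFSIZE];
    char version[FSTRING_LEN];
    char suffix[FSTRING_LEN];

    if (suffix_len >= sizeof suffix)
        suffix_len = sizeof suffix - 1;
    memset(suffix, 'X', suffix_len);
    suffix[suffix_len] = '\0';

    model_version_string(version, suffix);
    size_t used = model_add_signature(outbuf, MODEL_FIXED_REPLY,
                                      sizeof outbuf, version);
    if (used == 0) {
        snprintf(err, errlen, "signature strings do not fit in outbuf");
        return -1;
    }
    long budget = (long)MODEL_XP_REQUEST - (long)used;
    model_switch_message(budget, err, errlen);
    return budget;
}

/* Convenience wrappers: the budget alone, and whether the guard fired. */
static long model_budget(size_t suffix_len)
{
    char err[256];
    return model_run_chain(suffix_len, err, sizeof err);
}

static int model_rejected(size_t suffix_len)
{
    char err[256];
    model_run_chain(suffix_len, err, sizeof err);
    return err[0] != '\0';
}

int main(void)
{
    char err[256];
    long b = model_run_chain(7, err, sizeof err);
    printf("7-byte suffix: budget %ld %s\n", b, err);
    b = model_run_chain(FSTRING_LEN - 1, err, sizeof err);
    printf("fstring-filling suffix: budget %ld %s\n", b, err);
    return 0;
}
```

With these constructed sizes the chained budget is 88 minus the suffix length, so it goes negative at an 89-byte suffix; a suffix long enough to fill the fstring is truncated to 243 bytes and leaves a budget of -155. The guard turns that into a diagnostic that names the oversized first reply instead of a dead smbd.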