Length limitation for the string returned from samba_version_string() in reply_sesssetup_and_X()?

Tim Prouty tim.prouty at isilon.com
Wed Mar 14 00:25:56 GMT 2007


Hi,

I am working with the samba 3.0.24 code base.

I have run into a problem when setting SAMBA_VERSION_VENDOR_SUFFIX to
a string that is long enough to max out the size of the samba_version
fstring in samba_version_string(). When running
"net use X: \\server_name\\share" on a windows XP client, a Session Setup
andX chained with a Tree Connect AndX request is sent from the client. In
reply_sesssetup_and_X(), samba_version_string() is appended to the
outbuf when calling add_signature(), which populates the Native LAN
Manager field in the reply. Having this large outbuf causes a
problem when chain_reply() is called because chain_reply() subtracts
the size of the outbuf from the size of the inbuf and ends up passing
in a negative size to switch_message(). switch_message() then fails
in the first conditional and kills the process.

It seems to me that the length of the version string should be able
to be the full length of an fstring. Is there some invariant that
I'm not seeing? If so, is this something that may be able to be
caught earlier and produce a more revealing error message? I'm kind
of new to the CIFS protocol, so it's certainly possible I'm missing
something very simple.

Thanks!

-Tim
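A constructed C model of the size arithmetic the post describes, added here as an example and not Samba's own code: the outbuf grows by the signature that add_signature() appends, and the chained reply's remaining size is computed by subtracting outbuf length from inbuf length. FSTRING_LEN, MODEL_HDR_LEN and every function name below are assumptions of this model; the real chain_reply() and switch_message() are only approximated.

```c
/* Constructed model (not Samba's code) of the chained-reply size arithmetic:
 * the version string is appended to the reply, then the space left for the
 * chained Tree Connect AndX is computed as inbuf length minus outbuf length. */
#include <stdio.h>
#include <string.h>

#define FSTRING_LEN 256     /* assumed size of Samba's fstring for this model */
#define MODEL_HDR_LEN 39    /* model value: fixed reply bytes before the signature */

typedef char fstring[FSTRING_LEN];

/* Version string with the vendor suffix appended, truncated to the fstring
 * size as a fixed-length buffer would be; returns bytes appended incl. NUL. */
static size_t model_version_string(fstring out, const char *suffix)
{
    snprintf(out, FSTRING_LEN, "3.0.24%s", suffix);
    return strlen(out) + 1;
}

/* Unchecked arithmetic: a signed result that goes negative as soon as the
 * reply has outgrown the request it answers. */
static int chain_size_unchecked(size_t inbuf_len, size_t outbuf_len)
{
    return (int)inbuf_len - (int)outbuf_len;
}

/* Hardened arithmetic: reject the chain before a negative size can reach the
 * next message handler; the caller fails the chained request with an error. */
static int chain_size_checked(size_t inbuf_len, size_t outbuf_len, size_t *left)
{
    if (outbuf_len > inbuf_len)
        return -1;
    *left = inbuf_len - outbuf_len;
    return 0;
}

/* Reproduce the scenario: a constructed vendor suffix of suffix_len 'x'
 * characters, a request of inbuf_len bytes, and a reply made of the model
 * header plus the signature. Returns the unchecked remaining size. */
static int remaining_after_signature(size_t suffix_len, size_t inbuf_len,
                                     size_t *outbuf_len)
{
    char suffix[512];
    fstring sig;
    if (suffix_len >= sizeof suffix)
        suffix_len = sizeof suffix - 1;
    memset(suffix, 'x', suffix_len);
    suffix[suffix_len] = '\0';
    *outbuf_len = MODEL_HDR_LEN + model_version_string(sig, suffix);
    return chain_size_unchecked(inbuf_len, *outbuf_len);
}
```

With a 300-character suffix the signature fills the whole fstring, the model reply reaches 295 bytes against a 200-byte request, and the unchecked result is -95 while the checked variant refuses to chain.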


