Length limitation for the string returned from samba_version_string() in reply_sesssetup_and_X()?
Tim Prouty
tim.prouty at isilon.com
Wed Mar 14 18:58:48 GMT 2007
My initial testing is showing success after applying your chain_reply
patch. The accounting for the size being passed into switch_message()
seems more logical now.
Thanks Jeremy!
-Tim
On Mar 13, 2007, at 5:40 PM, Jeremy Allison wrote:
> On Tue, Mar 13, 2007 at 05:25:56PM -0700, Tim Prouty wrote:
>> Hi,
>>
>> I am working with the samba 3.0.24 code base.
>>
>> I have run into a problem when setting SAMBA_VERSION_VENDOR_SUFFIX to
>> a string that is long enough to max out the size of the samba_version
>> fstring in samba_version_string(). When running "net use X: \
>> \server_name\\share" on a windows XP client, a Session Setup andX
>> chained with a Tree Connect AndX request is sent from the client. In
>> reply_sesssetup_and_X(), samba_version_string() is appended to the
>> outbuf when calling add_signature(), which populates the Native LAN
>> Manager field in the reply. Having this large outbuf causes a
>> problem when chain_reply() is called because chain_reply() subtracts
>> the size of the outbuf from the size of the inbuf and ends up passing
>> in a negative size to switch_message(). switch_message() then fails
>> in the first conditional and kills the process.
>>
>> It seems to me that the length of the version string should be able
>> to be the full length of an fstring. Is there some invariant that
>> I'm not seeing? If so, is this something that may be able to be
>> caught earlier and produce a more revealing error message? I'm kind
>> of new to the CIFS protocol, so it's certainly possible I'm missing
>> something very simple.
>
> I think I've just fixed this in the SVN source code. It's
> a bug in chain_reply.
>
> Can you svn update on SAMBA_3_0_25 and see if this fixes your
> problem ?
>
> Jeremy.
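The failure mode described in the thread is a length-accounting bug: the size of the reply buffer is subtracted from the size of the request buffer, and when the reply outgrows the request (here because the Native LAN Manager field carries a version string that fills a whole fstring) the result goes negative and is handed to the command dispatcher. The following C is an added illustration, not Samba code and not Jeremy's actual chain_reply fix (the thread does not show it). It models the unchecked subtraction beside a checked variant that refuses to dispatch the chained command, plus the earlier validation of the vendor suffix that the reporter asked for. FSTRING_LEN mirrors Samba's 256-byte fstring; the header and request sizes are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed constants. FSTRING_LEN mirrors Samba's fstring size (256);
 * SMB_HDR_LEN and the request size below are illustrative only. */
#define FSTRING_LEN 256
#define SMB_HDR_LEN 39

/* Length accounting as the report describes it: signed subtraction that goes
 * negative once the reply (outbuf) outgrows the request (inbuf). A negative
 * value passed on as a message size is what made the dispatcher bail out. */
int remaining_unchecked(int inbuf_len, int outbuf_len)
{
    return inbuf_len - outbuf_len;
}

/* Hardened accounting (assumed shape, not Samba's fix): refuse to dispatch
 * the chained command when the reply already exceeds the request, so no
 * negative or wrapped size ever reaches the dispatcher. */
int remaining_checked(size_t inbuf_len, size_t outbuf_len, size_t *remaining)
{
    if (outbuf_len > inbuf_len) {
        return -1;  /* caller returns a protocol error instead of crashing */
    }
    *remaining = inbuf_len - outbuf_len;
    return 0;
}

/* Earlier check the reporter asked for: verify at build time that base
 * version plus vendor suffix (plus NUL) fits in an fstring, so an oversize
 * suffix is reported where it is configured rather than deep in chain_reply. */
int version_suffix_fits(const char *base, const char *suffix)
{
    return strlen(base) + strlen(suffix) + 1 <= FSTRING_LEN;
}

/* Simulate the reporter's scenario: a short chained request and a reply
 * whose Native LAN Manager field carries a version string of the given length. */
int simulate_chain(size_t version_len, size_t *remaining)
{
    size_t inbuf_len  = SMB_HDR_LEN + 120;          /* constructed request size */
    size_t outbuf_len = SMB_HDR_LEN + version_len;  /* reply grows with the string */
    return remaining_checked(inbuf_len, outbuf_len, remaining);
}

int main(void)
{
    size_t rem = 0;

    /* Unchecked: 159-byte request, reply holding a 255-char version string. */
    printf("unchecked remaining: %d\n", remaining_unchecked(159, SMB_HDR_LEN + 255));

    if (simulate_chain(255, &rem) != 0)
        printf("chain rejected: reply larger than request\n");
    if (simulate_chain(20, &rem) == 0)
        printf("chain ok, %zu bytes of request remain\n", rem);

    printf("suffix fits: %d\n", version_suffix_fits("Samba 3.0.24", "-vendor"));
    return 0;
}
```

The point of the checked variant is that the error surfaces as a rejected request with a clear reason, rather than as a negative size that trips a sanity check in switch_message() and takes the smbd child down.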