Length limitation for the string returned from samba_version_string() in reply_sesssetup_and_X()?

Tim Prouty tim.prouty at isilon.com
Wed Mar 14 18:58:48 GMT 2007


My initial testing is showing success after applying your chain_reply
patch.  The accounting for the size being passed into switch_message()
seems more logical now.

Thanks Jeremy!

-Tim

On Mar 13, 2007, at 5:40 PM, Jeremy Allison wrote:

> On Tue, Mar 13, 2007 at 05:25:56PM -0700, Tim Prouty wrote:
>> Hi,
>>
>> I am working with the samba 3.0.24 code base.
>>
>> I have run into a problem when setting SAMBA_VERSION_VENDOR_SUFFIX to
>> a string that is long enough to max out the size of the samba_version
>> fstring in samba_version_string().   When running "net use X:
>> \\server_name\\share" on a windows XP client, a Session Setup AndX
>> chained with a Tree Connect AndX request is sent from the client.  In
>> reply_sesssetup_and_X(), samba_version_string() is appended to the
>> outbuf when calling add_signature(), which populates the Native LAN
>> Manager field in the reply.  Having this large outbuf causes a
>> problem when chain_reply() is called because chain_reply() subtracts
>> the size of the outbuf from the size of the inbuf and ends up passing
>> in a negative size to switch_message().  switch_message() then fails
>> in the first conditional and kills the process.
>>
>> It seems to me that the length of the version string should be able
>> to be the full length of an fstring.  Is there some invariant that
>> I'm not seeing?  If so, is this something that may be able to be
>> caught earlier and produce a more revealing error message?  I'm kind
>> of new to the CIFS protocol, so it's certainly possible I'm missing
>> something very simple.
>
> I think I've just fixed this in the SVN source code. It's
> a bug in chain_reply.
>
> Can you svn update on SAMBA_3_0_25 and see if this fixes your
> problem ?
>
> Jeremy.
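The failure mode the thread describes, a reply buffer grown by a maximal version string so that the chained-command size goes negative before dispatch, is easy to model. The block below is an added illustration written for this page, not Samba's code: `FSTRING_LEN`, `build_version_string()`, `chain_remaining_size()` and the two self-check functions are assumed names, and the 256-byte buffer size is an assumption rather than a value stated in the thread. It shows the two defensive checks a practitioner would want, truncating the vendor suffix instead of overrunning the fixed buffer, and refusing the chained dispatch with a clear error rather than passing a negative size down to the message switch.

```c
/* Added example modelling the size accounting discussed in the thread.
 * Not Samba's code; names and sizes are assumptions for illustration. */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define FSTRING_LEN 256   /* assumed fixed-size string buffer length */

/* Build "<base><vendor_suffix>" into a fixed-size buffer, truncating
 * rather than overflowing. Returns how many bytes did not fit (0 if
 * everything, including the NUL terminator, fit). */
size_t build_version_string(char *dst, size_t dst_len,
                            const char *base, const char *vendor_suffix)
{
    size_t need = strlen(base) + strlen(vendor_suffix) + 1; /* +1 for NUL */
    if (dst_len == 0)
        return need;
    snprintf(dst, dst_len, "%s%s", base, vendor_suffix);
    return need > dst_len ? need - dst_len : 0;
}

/* Size budget for the chained command: the model from the thread is
 * "request size minus bytes already written to the reply".  Doing the
 * subtraction in unsigned arithmetic without a check would wrap to a
 * huge value; doing it signed hands a negative size to the dispatcher.
 * Either way the caller should refuse before dispatching.
 * Returns 0 and sets *remaining on success, -1 with a diagnostic otherwise. */
int chain_remaining_size(size_t inbuf_size, size_t outbuf_size,
                         size_t *remaining)
{
    if (outbuf_size > inbuf_size) {
        fprintf(stderr,
                "chain_reply: reply already %zu bytes, request only %zu; "
                "refusing chained dispatch\n", outbuf_size, inbuf_size);
        return -1;
    }
    if (remaining != NULL)
        *remaining = inbuf_size - outbuf_size;
    return 0;
}

/* Self-check: a vendor suffix far longer than the buffer is truncated,
 * the buffer stays NUL-terminated, and the caller learns bytes were lost. */
int example_long_suffix_truncates(void)
{
    char buf[FSTRING_LEN];
    char suffix[400];                       /* constructed oversized suffix */
    memset(suffix, 'X', sizeof(suffix) - 1);
    suffix[sizeof(suffix) - 1] = '\0';
    size_t lost = build_version_string(buf, sizeof(buf), "3.0.24", suffix);
    return lost > 0 && strlen(buf) == FSTRING_LEN - 1;
}

/* Self-check: a reply larger than the request is refused up front, and a
 * sane pair yields the expected remaining budget. */
int example_chain_underflow_refused(void)
{
    size_t remaining = 0;
    if (chain_remaining_size(100, 120, &remaining) != -1)
        return 0;
    if (chain_remaining_size(120, 100, &remaining) != 0)
        return 0;
    return remaining == 20;
}

int main(void)
{
    printf("long suffix truncated cleanly: %s\n",
           example_long_suffix_truncates() ? "yes" : "no");
    printf("negative chain size refused:   %s\n",
           example_chain_underflow_refused() ? "yes" : "no");
    return 0;
}
```

The point of the second check is the one raised in the thread: the bad size should be caught where it is computed, with a message that names both buffer sizes, instead of surfacing later as a failed conditional that terminates the process.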
