WriteAndX chain offsets

samba.10.maazl at spamgourmet.com samba.10.maazl at spamgourmet.com
Sun Aug 1 05:45:32 MDT 2010


Newer Samba 3 builds have a different implementation of chain_reply that 
handles inconsistencies in the chain offsets differently. This seems to 
cause problems with LANMAN2 clients. In fact I could reproduce a crash 
of Thunderbird (on eCS) when deleting mails.

After some tests I disabled one error check at chain_reply (process.c):

   already_used = PTR_DIFF(req->buf+req->buflen, smb_base(req->inbuf));
   if (chain_offset < already_used) {
     DEBUG(10, ("chain_reply: 3 - chain_offset=%i, already_used=%i, req->buflen=%i\n",
                chain_offset, already_used, req->buflen));
     // Do not fail to keep Thunderbird alive.
     // goto error;
   }

This fixed the problem so far. However, it might have other drawbacks. 
So I am looking for a more sophisticated solution.

[tshark traces]
Samba 3.2.5 (working)
Frame 910/911

Samba 3.5.4 (Thunderbird crash)
Frame 833/834

Obviously with Samba 3.2.5 the offset in the reply message (48) is 
different from the request (60). I would not bet that the bug is not in 
the IBM Peer Requester, but at least it worked with the older Samba.
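
Added example, not part of the original post and not Samba's code: a simplified, stand-alone validator for the AndX offset of a chained SMB1 command, showing the lower-bound comparison quoted above next to the matching upper-bound check. The names andx_next and build_sample, the result codes and the 46-byte sample message are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SMB_HDR_LEN 32    /* fixed SMB1 header size */
#define ANDX_NONE   0xFF  /* AndXCommand value: no further command */

enum andx_result { ANDX_OK, ANDX_END, ANDX_TRUNCATED, ANDX_OVERLAP, ANDX_OUT_OF_RANGE };

/* Read a little-endian 16-bit field. */
static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* smb points at the SMB header, len is the message length, cmd_off is the
 * offset of the current command's WordCount byte. */
enum andx_result andx_next(const uint8_t *smb, size_t len, size_t cmd_off, size_t *next_off)
{
    if (cmd_off < SMB_HDR_LEN || cmd_off >= len) return ANDX_TRUNCATED;
    size_t wct = smb[cmd_off], words = cmd_off + 1;
    size_t bcc_off = words + 2 * wct;            /* ByteCount follows the words */
    if (wct < 2 || bcc_off + 2 > len) return ANDX_TRUNCATED;
    /* End of this command's byte block, the role already_used plays in the post. */
    size_t already_used = bcc_off + 2 + le16(smb + bcc_off);
    if (already_used > len) return ANDX_TRUNCATED;
    if (smb[words] == ANDX_NONE) return ANDX_END;
    size_t chain_offset = le16(smb + words + 2); /* AndXOffset, relative to the header */
    if (chain_offset < already_used) return ANDX_OVERLAP;  /* points back into parsed data */
    if (chain_offset + 3 > len) return ANDX_OUT_OF_RANGE;  /* no room for WordCount + ByteCount */
    *next_off = chain_offset;
    return ANDX_OK;
}

/* Constructed 46-byte sample: not a captured frame, not a real WriteAndX layout. */
size_t build_sample(uint8_t *buf, uint16_t andx_offset)
{
    size_t n = SMB_HDR_LEN;
    memset(buf, 0, 46);
    memcpy(buf, "\xffSMB", 4);
    buf[n++] = 2;                          /* WordCount */
    buf[n++] = 0x04;                       /* AndXCommand: constructed follow-on code */
    buf[n++] = 0;                          /* AndXReserved */
    buf[n++] = (uint8_t)(andx_offset & 0xFF);
    buf[n++] = (uint8_t)(andx_offset >> 8);
    buf[n++] = 4; buf[n++] = 0;            /* ByteCount = 4 */
    n += 4;                                /* four data bytes, ending at offset 43 */
    return n + 3;                          /* chained command: WordCount=0, ByteCount=0 */
}
```

With the sample message, an AndXOffset of 43 is accepted, 40 is reported as overlapping the current command's data, and 44 is reported as out of range.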

