CIFSFS client bug -

Jeremy Allison jra at
Fri Feb 8 16:31:30 MST 2013

Jeff, Steve,

Looks like the CIFSFS client is sending an invalid set
of open bits on the wire (sending a naked O_EXCL bit
without the O_CREAT bit set).

Please check out bug:

From the bug text:

Ok, it's a client bug in the Linux kernel cifsfs.

In the network capture look at packet 2222:

In the data section of the posix_open we have:

Offset           Value (converted from little-endian to native byte order)
0000             0x02
0004             0x21

The 0x2 at offset 0 == REQUEST_OPLOCK

However, at offset 4 we have the wire_open_mode. 0x21 maps to:

#define SMB_O_EXCL                       0x20
#define SMB_O_RDONLY                      0x1

But sending O_EXCL on its own without SMB_O_CREAT makes no sense, so the Samba
server code says:

        /* First take care of O_CREAT|O_EXCL interactions. */
        switch (wire_open_mode & (SMB_O_CREAT | SMB_O_EXCL)) {
                case (SMB_O_CREAT | SMB_O_EXCL):
                        /* File exists fail. File not exist create. */
                        create_disp = FILE_CREATE;
                case SMB_O_CREAT:
                        /* File exists open. File not exist create. */
                        create_disp = FILE_OPEN_IF;
                case 0:
                        /* File exists open. File not exist fail. */
                        create_disp = FILE_OPEN;
                case SMB_O_EXCL:
                        /* O_EXCL on its own without O_CREAT is undefined. */
                        DEBUG(5,("smb_posix_open: invalid create mode 0x%x\n",
                                (unsigned int)wire_open_mode ));
                        return NT_STATUS_INVALID_PARAMETER;

Note in the SMB_O_EXCL case we fall through to the error
NT_STATUS_INVALID_PARAMETER case, which is exactly what we see in the reply
packet 2223.

I'm going to re-assign this bug to Jeff and Steve as they are the client
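
Added example (not part of the original message, and not Samba or kernel code): a C check that decodes the posix_open data section described above and flags SMB_O_EXCL sent without SMB_O_CREAT, for use when triaging a capture. It assumes both fields are 32-bit little-endian, as the offsets in the message suggest; SMB_O_CREAT = 0x10 is not shown in the message and is an assumption taken from Samba's headers, and the enum names, check_posix_open and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Values quoted in the message. */
#define REQUEST_OPLOCK 0x2
#define SMB_O_RDONLY   0x1
#define SMB_O_EXCL     0x20
/* Assumption: not shown in the message; value as in Samba's headers. */
#define SMB_O_CREAT    0x10

/* Hypothetical result codes for this example. */
enum open_check {
    OPEN_TRUNCATED = -2,  /* data section shorter than 8 bytes */
    OPEN_INVALID   = -1,  /* O_EXCL on its own, without O_CREAT */
    DISP_OPEN      = 1,   /* file exists: open; missing: fail */
    DISP_CREATE    = 2,   /* file exists: fail; missing: create */
    DISP_OPEN_IF   = 3    /* file exists: open; missing: create */
};

/* Read a 32-bit little-endian field regardless of host byte order. */
static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Decode flags (offset 0) and wire_open_mode (offset 4), then classify
 * the O_CREAT/O_EXCL combination the way the message describes. */
enum open_check check_posix_open(const uint8_t *data, size_t len,
                                 uint32_t *flags, uint32_t *mode)
{
    if (data == NULL || len < 8)
        return OPEN_TRUNCATED;
    *flags = le32(data);
    *mode = le32(data + 4);
    switch (*mode & (SMB_O_CREAT | SMB_O_EXCL)) {
    case SMB_O_CREAT | SMB_O_EXCL: return DISP_CREATE;
    case SMB_O_CREAT:              return DISP_OPEN_IF;
    case 0:                        return DISP_OPEN;
    default:                       return OPEN_INVALID; /* SMB_O_EXCL alone */
    }
}

/* Constructed sample: the two fields quoted from packet 2222 (0x02, 0x21). */
static const uint8_t sample_2222[8] = { 0x02, 0, 0, 0, 0x21, 0, 0, 0 };
```

Passing sample_2222 returns OPEN_INVALID with mode 0x21 (SMB_O_EXCL | SMB_O_RDONLY), the combination the message reports on the wire.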
