smb1cli_inbuf_parse_chain fails with SMBntcreateX extended response

Gordon Ross gordon.w.ross at
Mon Apr 4 16:05:20 UTC 2016

This will do it:
smbtorture ... raw.oplock.exclusive1

On Fri, Apr 1, 2016 at 2:43 PM, Jeremy Allison <jra at> wrote:
> On Thu, Mar 31, 2016 at 12:23:07PM -0400, Gordon Ross wrote:
>> Has anyone tried smbtorture lately with SMB1 NT create and the
>> "extended response" format?   [MS-SMB] Sec.
>>     Windows-based SMB servers send 50 (0x32) words in the extended
>> response although * they set the WordCount field to 0x2A.
>> This trips up smb1cli_inbuf_parse_chain, which ends up using the
>> "Maximal Access Rights" field as the byte count, and then decides
>> the response is invalid because the message is not that long.
>> I've attached a sample response packet.
>> Here's an (admittedly hack-ish) way to deal with that.
>> [patch attached]
> Hmmm. How are you getting this to trigger in the
> client code - is it from the notify_online_send()
> code (that's the only place I can see where the

More information about the samba-technical mailing list