smbclient error when ls against win10 share

Jeremy Allison jra at
Tue Apr 5 16:01:25 UTC 2016

On Tue, Apr 05, 2016 at 10:12:27AM +0000, Thomas Dvorachek wrote:
> Yep - zip of two pcapng files attached.  
> Trace shows what I saw when I added a bunch of debug outputs to source: in "find_first2 data" smb response, whenever the "Reserved" value immediately after "Short file name len" is not zero, smbclient pops the cli_list error 260 (we're hitting the "Bad short name length" test of slen greater than 24 in source.)
> In traces: both doing `ls` from "Windows" directory; one error trace due to "addins" directory entry having "1f" in Reserved field, one error trace due to "Boot" directory entry having "12" in Reserved field.
> Could be my win10 device is responding with bad packet structure, or something might be misaligned in smbclient processing the response packet fields.
> BTW: no errors when I use a windows device to `net use x: \\IP-addr\c$`, `x:`, `cd Windows`, `dir` ... cmd.exe outputs listing ok.
> Thx.

Oh, looks like source3/libsmb/clilist.c
is reading a 16-bit value where it should
be reading an 8-bit one.

Also, looks like Win10 is returning an
uninitialized byte here..

Can you try this patch and see if it
fixes it?

If so I'll log a bug and get this
fixed in master and released branches.


-------------- next part --------------
diff --git a/source3/libsmb/clilist.c b/source3/libsmb/clilist.c
index 94bbc57..6438d3b 100644
--- a/source3/libsmb/clilist.c
+++ b/source3/libsmb/clilist.c
@@ -186,7 +186,7 @@ static size_t interpret_long_filename(TALLOC_CTX *ctx,
 			namelen = IVAL(p,0);
 			p += 4;
 			p += 4; /* EA size */
-			slen = SVAL(p, 0);
+			slen = CVAL(p, 0);
 			if (slen > 24) {
 				/* Bad short name length. */
 				return pdata_end - base;
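Review bot: The changed line `slen = CVAL(p, 0);` now reads only the length byte, but nothing in the hunk records that the byte after it is a reserved field that is deliberately ignored, which is the whole reason for the change. A short comment on that line, for example `/* 1-byte short name length; the next byte is reserved and may be non-zero */`, would stop a later cleanup from widening the read again. The lines after the `slen > 24` check are not visible here, so please also confirm that the pointer is still advanced past both the length byte and the reserved byte before the 24-byte short name is consumed, since the old 16-bit read covered the same two bytes.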

More information about the samba-technical mailing list
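The width mismatch discussed in this thread, as an added example that is not code from the thread or from Samba: it assumes little-endian field order and a constructed entry with no short name (length 0), and uses the Reserved values 0x1f and 0x12 reported above. All names and offsets in it are hypothetical and relative to the name-length field.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SHORT_NAME_MAX 24  /* bound enforced by the "slen > 24" test */

/* Constructed layout of the fields around the bug: name length (4),
 * EA size (4), short name length (1), Reserved (1), short name (24). */
enum { OFF_NAMELEN = 0, OFF_EASIZE = 4, OFF_SLEN = 8, OFF_RESERVED = 9,
       OFF_SHORTNAME = 10, FIXED_LEN = 10 + SHORT_NAME_MAX };

/* Little-endian 16-bit read: pulls the Reserved byte into the high half. */
static unsigned slen_as_u16(const uint8_t *p)
{
    return (unsigned)p[OFF_SLEN] | ((unsigned)p[OFF_RESERVED] << 8);
}

/* 8-bit read: the length byte only, Reserved is ignored. */
static unsigned slen_as_u8(const uint8_t *p)
{
    return p[OFF_SLEN];
}

/* Returns 0 if the short name length passes the bound, -1 otherwise
 * (including when the buffer cannot hold the fixed fields). */
static int check_entry(const uint8_t *p, size_t len, int wide_read)
{
    unsigned slen;
    if (len < FIXED_LEN)
        return -1;
    slen = wide_read ? slen_as_u16(p) : slen_as_u8(p);
    return slen > SHORT_NAME_MAX ? -1 : 0;
}

/* Constructed entry: short name length 0, Reserved byte set by caller. */
static void make_entry(uint8_t *buf, uint8_t reserved)
{
    for (size_t i = 0; i < FIXED_LEN; i++) buf[i] = 0;
    buf[OFF_NAMELEN] = 12;          /* constructed value */
    buf[OFF_RESERVED] = reserved;
}

int main(void)
{
    uint8_t e[FIXED_LEN];
    make_entry(e, 0x1f);            /* Reserved value reported for "addins" */
    printf("16-bit: %u -> %d\n", slen_as_u16(e), check_entry(e, sizeof e, 1));
    printf(" 8-bit: %u -> %d\n", slen_as_u8(e), check_entry(e, sizeof e, 0));
    return 0;
}
```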