Length limitation for the string returned from
samba_version_string() in reply_sesssetup_and_X()?
Jeremy Allison
jra at samba.org
Wed Mar 14 00:40:33 GMT 2007
On Tue, Mar 13, 2007 at 05:25:56PM -0700, Tim Prouty wrote:
> Hi,
>
> I am working with the samba 3.0.24 code base.
>
> I have run into a problem when setting SAMBA_VERSION_VENDOR_SUFFIX to
> a string that is long enough to max out the size of the samba_version
> fstring in samba_version_string(). When running "net use X: \\server_name\\share"
> on a windows XP client, a Session Setup andX
> chained with a Tree Connect AndX request is sent from the client. In
> reply_sesssetup_and_X(), samba_version_string() is appended to the
> outbuf when calling add_signature(), which populates the Native LAN
> Manager field in the reply. Having this large outbuf causes a
> problem when chain_reply() is called because chain_reply() subtracts
> the size of the outbuf from the size of the inbuf and ends up passing
> in a negative size to switch_message(). switch_message() then fails
> in the first conditional and kills the process.
>
> It seems to me that the length of the version string should be able
> to be the full length of an fstring. Is there some invariant that
> I'm not seeing? If so, is this something that may be able to be
> caught earlier and produce a more revealing error message? I'm kind
> of new to the CIFS protocol, so it's certainly possible I'm missing
> something very simple.
I think I've just fixed this in the SVN source code. It's
a bug in chain_reply.
Can you svn update on SAMBA_3_0_25 and see if this fixes your
problem ?
Jeremy.
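Added illustration (not code from this thread, from Samba, or from Jeremy's fix): a toy model of the size bookkeeping Tim describes. It shows how a remaining-size value computed as inbuf length minus outbuf length goes negative once a long Native LAN Manager string makes the reply outgrow the request, contrasts it with a value derived from the request alone, and shows a dispatcher refusing the bad size instead of aborting. The function names, the 256-byte fstring size, and every byte count (request length, chain offset, reply base) are assumptions constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Sizes below are constructed for the illustration, not taken from Samba.
   FSTRING_LEN mirrors the assumed fixed size of Samba's fstring type. */
#define FSTRING_LEN  256
#define INBUF_LEN    120   /* assumed length of the chained Session Setup + Tree Connect request */
#define CHAIN_OFFSET  70   /* assumed offset of the chained Tree Connect AndX inside inbuf */
#define REPLY_BASE    40   /* assumed fixed part of the Session Setup reply before the strings */
#define MIN_HEADER     4   /* assumed smallest size the dispatcher will accept */

/* Hypothetical stand-in for samba_version_string(): the vendor suffix is
   appended to the version text and the result is truncated to fit an
   fstring-sized buffer. Returns the resulting string length. */
int build_version_string(char *out, size_t outlen, const char *vendor_suffix)
{
    snprintf(out, outlen, "Samba 3.0.24%s", vendor_suffix);
    return (int)strlen(out);            /* at most outlen - 1 */
}

/* Length of the reply once the two NUL-terminated strings (Native OS and
   Native LAN Manager) have been appended, the way add_signature() is
   described as doing. */
int reply_len(int base, const char *native_os, const char *native_lanman)
{
    return base + (int)strlen(native_os) + 1 + (int)strlen(native_lanman) + 1;
}

/* The bookkeeping the report describes: remaining size for the chained
   command computed as inbuf length minus outbuf length. It goes negative
   as soon as the reply outgrows the request. */
int chain_remaining_naive(int inbuf_len, int outbuf_len)
{
    return inbuf_len - outbuf_len;
}

/* Alternative that depends only on the request: inbuf length minus the
   offset of the chained command. The reply length never enters it, so
   appending to outbuf cannot drive it negative. Returns -1 on a bad offset. */
int chain_remaining_from_inbuf(int inbuf_len, int chain_offset)
{
    if (chain_offset < 0 || chain_offset > inbuf_len)
        return -1;
    return inbuf_len - chain_offset;
}

/* What a dispatcher's first check should do with the size: refuse the
   request (return 0) rather than trust a value below the minimum header. */
int dispatch_chained(int size, int min_header)
{
    return size >= min_header;
}

/* Run the scenario with a vendor suffix of suffix_len 'x' characters and
   return the naive remaining size the chained command would be given. */
int scenario_naive_remaining(size_t suffix_len)
{
    char suffix[512];
    char version[FSTRING_LEN];

    if (suffix_len > sizeof suffix - 1)
        suffix_len = sizeof suffix - 1;
    memset(suffix, 'x', suffix_len);
    suffix[suffix_len] = '\0';

    build_version_string(version, sizeof version, suffix);
    return chain_remaining_naive(INBUF_LEN,
                                 reply_len(REPLY_BASE, "Windows 5.1", version));
}

int main(void)
{
    int bad = scenario_naive_remaining(300);

    printf("no suffix:       naive remaining = %d\n", scenario_naive_remaining(0));
    printf("300-byte suffix: naive remaining = %d, dispatcher accepts = %d\n",
           bad, dispatch_chained(bad, MIN_HEADER));
    printf("from inbuf:      remaining = %d\n",
           chain_remaining_from_inbuf(INBUF_LEN, CHAIN_OFFSET));
    return 0;
}
```

With no suffix the reply (65 bytes) is shorter than the 120-byte request and the naive value is a harmless 55; with a 300-byte suffix the version string is clipped to 255 bytes, the reply grows to 308 bytes, and the naive value becomes -188, which only a size check in the dispatcher can catch. The request-derived value stays at 50 in both cases.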