Bug 10145 - Samba SMB2 client code reads the wrong short name length in a directory listing reply.
Summary: Samba SMB2 client code reads the wrong short name length in a directory listi...
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: libsmbclient (show other bugs)
Version: unspecified
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
Depends on:
Blocks: 9306
  Show dependency treegraph
Reported: 2013-09-17 02:23 UTC by Jeremy Allison
Modified: 2013-09-19 07:59 UTC (History)
1 user (show)

See Also:

git-am fix from master for 4.1.0 (1.12 KB, patch)
2013-09-17 18:14 UTC, Jeremy Allison
metze: review+

Note You need to log in before you can comment on or make changes to this bug.
Description Jeremy Allison 2013-09-17 02:23:47 UTC
The short name length defined in MS-FSCC is only one byte, the next byte is undefined. The Samba SMB2 client code was reading both bytes as a short name length instead of just one.

Discovered at the SNIA SDC plugfest - some OEM SMB2 servers return 0xFF in the undefined field.

Patch for 4.1.0 to follow.
Comment 1 Jeremy Allison 2013-09-17 18:14:03 UTC
Created attachment 9221 [details]
git-am fix from master for 4.1.0

git cherry-pick -x 1c41feb7893ae4a4f42c035f3c83f8b2950b7816
Comment 2 Jeremy Allison 2013-09-18 00:43:47 UTC
Re-assigned to Karolin for inclusion into 4.1.0.
Comment 3 Karolin Seeger 2013-09-18 07:30:10 UTC
Pushed to autobuild-v4-1-test.
Comment 4 Karolin Seeger 2013-09-19 07:59:48 UTC
Pushed to v4-1-test.
Closing out bug report.