The Samba-Bugzilla – Bug 11822
source3/libsmb/clilist.c reads short name length as 2 bytes, instead of 1 byte plus reserved.
Last modified: 2016-07-18 18:14:58 UTC
Created attachment 11965 [details]
wireshark trace showing non-null 'reserved' field.
(In the attachment capture from a Windows 10 server).
Packet 21 is a FindFirst response.
In the list of files returned, look into
the "Downloaded Program Files" entry.
The short name length is 16 (0x10), followed by
a 0x1f in the 'Reserved' field.
clilist.c is reading ShortNameLength as an SVAL read instead of a CVAL read.
Patch to follow.
Created attachment 11971 [details]
git-am fix for 4.4.next, 4.3.next.
Cherry-pick from master.
Reassigning to Karolin for inclusion in 4.3 and 4.4.
*** Bug 11831 has been marked as a duplicate of this bug. ***
Pushed to autobuild-v4-[4|3]-test.
(In reply to Karolin Seeger from comment #5)
Pushed to both branches.
Closing out bug report.
This was fixed in Samba 4.3.9 and 4.4.3.
A downstream ticket reports this in Debian's 4.2.10+dfsg-0, but this might be the result of backporting: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=820794