15365 – The smbd grants zero credit to the client

Bug 15365 - The smbd grants zero credit to the client

Summary: The smbd grants zero credit to the client

Status:	NEW

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	File services (show other bugs)
Version:	4.18.0rc2
Hardware:	All All

Importance:	P5 minor (vote)
Target Milestone:	---
Assignee:	Samba QA Contact
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2023-04-26 04:13 UTC by fouzhe
Modified:	2023-04-26 22:12 UTC (History)
CC List:	0 users

See Also:

Attachments
Response with credit 0 for request containing a malformed MessageID (421.19 KB, image/png) 2023-04-26 04:13 UTC, fouzhe	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description fouzhe 2023-04-26 04:13:07 UTC

Created attachment 17873 [details]
Response with credit 0 for request containing a malformed MessageID

When I used a TreeConnection request with a mutated MessageID field, the smbd server grants zero credit to the client.

The normal TREECONNECT request contains a MessageID with value 3. If this field is mutated from 3 to 252, the server would respond with a TREECONNECT response whose credit is 0, as shown in the attached file. However, the guideline [1] says that "The server MUST ensure that the number of credits held by the client is never reduced to zero."


[1] https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/2e366edb-b006-47e7-aa94-ef6f71043ced

Comment 1 Jeremy Allison 2023-04-26 22:12:32 UTC

Can you please show this test running against a Windows server. I'd like to see what Windows returns in this case.