Bug 15365 - The smbd grants zero credit to the client
Summary: The smbd grants zero credit to the client
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services (show other bugs)
Version: 4.18.0rc2
Hardware: All All
: P5 minor (vote)
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-04-26 04:13 UTC by fouzhe
Modified: 2023-04-26 22:12 UTC (History)
0 users

See Also:


Attachments
Response with credit 0 for request containing a malformed MessageID (421.19 KB, image/png)
2023-04-26 04:13 UTC, fouzhe
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description fouzhe 2023-04-26 04:13:07 UTC
Created attachment 17873 [details]
Response with credit 0 for request containing a malformed MessageID

When I used a TreeConnection request with a mutated MessageID field, the smbd server grants zero credit to the client.

The normal TREECONNECT request contains a MessageID with value 3. If this field is mutated from 3 to 252, the server would respond with a TREECONNECT response whose credit is 0, as shown in the attached file. However, the guideline [1] says that "The server MUST ensure that the number of credits held by the client is never reduced to zero."


[1] https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/2e366edb-b006-47e7-aa94-ef6f71043ced
Comment 1 Jeremy Allison 2023-04-26 22:12:32 UTC
Can you please show this test running against a Windows server. I'd like to see what Windows returns in this case.