9057 – SMB2 credit handling code has bugs.

Bug 9057 - SMB2 credit handling code has bugs.

Summary: SMB2 credit handling code has bugs.

Status:	RESOLVED FIXED

Alias:	None

Product:	Samba 3.6
Classification:	Unclassified
Component:	SMB2 (show other bugs)
Version:	unspecified
Hardware:	All All

Importance:	P1 regression
Target Milestone:	---
Assignee:	Karolin Seeger
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2012-07-20 23:17 UTC by Jeremy Allison
Modified:	2012-07-24 18:51 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Patches for v3-6-test (28.61 KB, patch) 2012-07-23 12:45 UTC, Stefan Metzmacher	jra: review+	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jeremy Allison 2012-07-20 23:17:52 UTC

Found (and fixed in master) by metze:

1. If the client starts with a SMB1 negprot, we never removed seqnum 0.

2. when moving the seqnum_low, we didn't calculate the bitmap_offset
correctly.

3. we moved seqnum_low + 1 (as lowest value) instead of id == seqnum_low.

4. we didn't stop granting credits if the client didn't use seqnum_low.

5. first we granted all credits that client asked for in the first response
   and our 1/16th logic, removed credits the client already had.
   I guess the windows client doesn't expect the server to remove credits
   if he asks to keep the current credit level.

Back-ports of patches from master to follow.

Comment 1 Stefan Metzmacher 2012-07-23 12:45:52 UTC

Created attachment 7716 [details]
Patches for v3-6-test

Comment 2 Jeremy Allison 2012-07-23 21:37:22 UTC

Comment on attachment 7716 [details]
Patches for v3-6-test

Great work Metze ! Thanks.

Comment 3 Jeremy Allison 2012-07-23 21:37:46 UTC

Re-assigning to Karolin for inclusion in 3.6.next.
Jeremy.

Comment 4 Karolin Seeger 2012-07-24 18:51:04 UTC

Pushed to v3-6-test.
Closing out bug report.

Thanks!