Bug 9096 - smbclient: regression when retrieving share list from OS/2 server
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.6
Classification: Unclassified
Component: Client Tools
Version: 3.6.7
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Volker Lendecke
QA Contact: Samba QA Contact
Reported: 2012-08-15 03:46 UTC by Guenter Kukkukk
Modified: 2012-08-16 16:00 UTC

Attachments
failing attempt (5.58 KB, application/octet-stream)
2012-08-15 23:59 UTC, Guenter Kukkukk
working (7.37 KB, application/octet-stream)
2012-08-16 00:04 UTC, Guenter Kukkukk
Patch for master (2.68 KB, patch)
2012-08-16 04:57 UTC, Stefan Metzmacher
Patch for master (2.68 KB, patch)
2012-08-16 05:06 UTC, Stefan Metzmacher

Description Guenter Kukkukk 2012-08-15 03:46:01 UTC
A similar regression was seen and fixed some months ago (by metze).

Test env: very recent git master

-------
smbclient -L wrkgk -Ugk
Enter gk's password: 
OS=[OS/2 2.40] Server=[IBM LAN Server 5.0]

        Sharename       Type      Comment
        ---------       ----      -------
GK0: buflen = 33 MIN_SMB_SIZE: 35   
Error returning browse list: NT_STATUS_CONNECTION_DISCONNECTED
OS=[OS/2 2.40] Server=[IBM LAN Server 5.0]

        Server               Comment
        ---------            -------
        WRKGK                Guenters Pentium 200 - wrkgk

        Workgroup            Master
        ---------            -------
---------

The debug message "GK0: buflen = 33 MIN_SMB_SIZE: 35" results
from the following addition to 
    libcli/smb/smbXcli_base.c
---
static NTSTATUS smb1cli_inbuf_parse_chain(uint8_t *buf, TALLOC_CTX *mem_ctx,
					  struct iovec **piov, int *pnum_iov)
{
	struct iovec *iov;
	int num_iov;
	size_t buflen;
	size_t taken;
	size_t remaining;
	uint8_t *hdr;
	uint8_t cmd;
	uint32_t wct_ofs;

	buflen = smb_len_nbt(buf);
	taken = 0;

	hdr = buf + NBT_HDR_SIZE;

	if (buflen < MIN_SMB_SIZE) {
		/* buflen is a size_t, so it is printed with %zu */
		DEBUG(0, ("GK0: buflen = %zu MIN_SMB_SIZE: %d\n", buflen,
			      MIN_SMB_SIZE));
		return NT_STATUS_INVALID_NETWORK_RESPONSE;
	}
---

I already tried to debug this - got totally confused with
the now async flow control...

More info will follow.

Cheers, Günter

btw - that len = 33 can already be seen in
   smb1cli_conn_dispatch_incoming()
Comment 1 Stefan Metzmacher 2012-08-15 10:03:28 UTC
Hi Guenter,

(In reply to comment #0)
> A similar regression was seen and fixed some months ago (by metze).
> 
> Test env: very recent git master
> 
> -------
> smbclient -L wrkgk -Ugk
> Enter gk's password: 
> OS=[OS/2 2.40] Server=[IBM LAN Server 5.0]
> 
>         Sharename       Type      Comment
>         ---------       ----      -------
> GK0: buflen = 33 MIN_SMB_SIZE: 35   
> Error returning browse list: NT_STATUS_CONNECTION_DISCONNECTED
> OS=[OS/2 2.40] Server=[IBM LAN Server 5.0]
> 
>         Server               Comment
>         ---------            -------
>         WRKGK                Guenters Pentium 200 - wrkgk
> 
>         Workgroup            Master
>         ---------            -------
> ---------
> 
> The debug message "GK0: buflen = 33 MIN_SMB_SIZE: 35" results
> from the following addition to 
>     libcli/smb/smbXcli_base.c
> ---
> static NTSTATUS smb1cli_inbuf_parse_chain(uint8_t *buf, TALLOC_CTX *mem_ctx,
>                       struct iovec **piov, int *pnum_iov)
> {
>     struct iovec *iov;
>     int num_iov;
>     size_t buflen;
>     size_t taken;
>     size_t remaining;
>     uint8_t *hdr;
>     uint8_t cmd;
>     uint32_t wct_ofs;
> 
>     buflen = smb_len_nbt(buf);
>     taken = 0;
> 
>     hdr = buf + NBT_HDR_SIZE;
> 
>     if (buflen < MIN_SMB_SIZE) {
>         /* buflen is a size_t, so it is printed with %zu */
>         DEBUG(0, ("GK0: buflen = %zu MIN_SMB_SIZE: %d\n", buflen,
>                   MIN_SMB_SIZE));
>         return NT_STATUS_INVALID_NETWORK_RESPONSE;
>     }
> ---
> 
> I already tried to debug this - got totally confused with
> the now async flow control...
> 
> More info will follow.

Please always upload a capture for this kind of bug...
It would also be good to have a capture of an older smbclient
version, which works.

It's really strange that OS/2 sends just 33 bytes, as it's an invalid
PDU.

metze
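
The length arithmetic behind the 33-versus-35 observation, as an added example that is not part of the bug thread or of Samba's code: an SMB1 PDU needs a 32-byte header, a 1-byte word count and a 2-byte byte count, so a 33-byte response ends right after the word count. The `ex_` names and the sample buffer are constructed for illustration, and the layout is the standard SMB1 framing, assumed here rather than taken from the page.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed SMB1 layout (names are this example's, not Samba's):
 * 32-byte header, 1-byte word count (wct), wct 16-bit words,
 * 2-byte little-endian byte count (bcc), then bcc data bytes. */
#define EX_SMB1_HDR_LEN 32
#define EX_SMB1_MIN_PDU (EX_SMB1_HDR_LEN + 1 + 2)   /* 35, as MIN_SMB_SIZE on the page */

enum ex_pdu_status {
	EX_PDU_OK,
	EX_PDU_SHORT_HEADER,   /* header or wct byte missing */
	EX_PDU_BAD_MAGIC,
	EX_PDU_SHORT_WORDS,    /* wct promises more words than were received */
	EX_PDU_NO_BCC,         /* the 2-byte byte count is missing */
	EX_PDU_SHORT_BYTES     /* bcc promises more data than was received */
};

/* Check the framing of one unchained SMB1 PDU (NBT header already stripped).
 * Each length is compared against what remains before it is used as an offset. */
enum ex_pdu_status ex_smb1_check(const uint8_t *pdu, size_t len)
{
	size_t remaining, words_len, bcc;

	if (len < EX_SMB1_HDR_LEN + 1)
		return EX_PDU_SHORT_HEADER;
	if (memcmp(pdu, "\xffSMB", 4) != 0)
		return EX_PDU_BAD_MAGIC;

	remaining = len - (EX_SMB1_HDR_LEN + 1);
	words_len = (size_t)pdu[EX_SMB1_HDR_LEN] * 2;
	if (words_len > remaining)
		return EX_PDU_SHORT_WORDS;
	remaining -= words_len;

	if (remaining < 2)
		return EX_PDU_NO_BCC;
	bcc = pdu[EX_SMB1_HDR_LEN + 1 + words_len] |
	      ((size_t)pdu[EX_SMB1_HDR_LEN + 2 + words_len] << 8);
	remaining -= 2;
	return (bcc > remaining) ? EX_PDU_SHORT_BYTES : EX_PDU_OK;
}

/* Constructed sample: valid magic, everything else zero (wct = 0, bcc = 0).
 * len selects how many bytes "arrived"; 33 is the length shown in the report. */
enum ex_pdu_status ex_check_constructed(size_t len)
{
	uint8_t pdu[64] = { 0xff, 'S', 'M', 'B' };
	return ex_smb1_check(pdu, len > sizeof(pdu) ? sizeof(pdu) : len);
}
```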
Comment 2 Guenter Kukkukk 2012-08-15 23:59:02 UTC
Created attachment 7775
failing attempt

This is the failing attempt done with somewhat recent git master, when using
   smbclient -L wrkgk -Ugk  (note that OS/2 requires a valid user here)

The NetShareEnum request is not seen here at all after the failing
NT_Create_AndX request for \srvsvc

See next post, where a working smbclient-3.6.3 is used.
Cheers, Günter
Comment 3 Guenter Kukkukk 2012-08-16 00:04:37 UTC
Created attachment 7776
working

This is the working attempt, done on a different machine (linux600)
where smbclient-3.6.3 is installed.

Same cmd used:
   smbclient -L wrkgk -Ugk
Here the NetShareEnum request (and response) is seen ...

Cheers, Günter
Comment 4 Stefan Metzmacher 2012-08-16 04:57:53 UTC
Created attachment 7780
Patch for master

I guess this will fix the problem
Comment 5 Stefan Metzmacher 2012-08-16 05:06:46 UTC
Created attachment 7781
Patch for master

This should fix the problem (and compile:-)
Comment 6 Guenter Kukkukk 2012-08-16 15:52:06 UTC
Hi Metze,

your patch fixes the problem!  :-)
Thanks.

Cheers, Günter
Comment 7 Stefan Metzmacher 2012-08-16 16:00:46 UTC
(In reply to comment #6)
> Hi Metze,
> 
> your patch fixes the problem!  :-)
> Thanks.
> 
> Cheers, Günter

Ok, it's in master as 56fc7bc661bcea0a63d28efdd50c345715ea21bd