'Re: [cifs-protocol] [EXTERNAL] Re: SMB2_CREATE pathname "x\..\y.txt" -> STATUS_INVALID_PARAMETER? [1'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       cifs-protocol
Subject:    Re: [cifs-protocol] [EXTERNAL] Re: SMB2_CREATE pathname "x\..\y.txt" -> STATUS_INVALID_PARAMETER? [1
From:       Volker Lendecke via cifs-protocol <cifs-protocol () lists ! samba ! org>
Date:       2020-08-20 8:33:04
Message-ID: 20200820083304.GB9878 () sernet ! de
[Download RAW message or body]

On Wed, Aug 19, 2020 at 02:40:30PM +0000, Jeff McCashland wrote:
> We have updated section 3.3.5.9 of [MS-SMB2] for the next release:

Thanks!

Volker

> =

> If the file name in the Buffer field of the request fails to resolve the =
pathname components as specified in [MS-FSCC] section 2.1.5.1, the server S=
HOULD<262> fail the request with STATUS_INVALID_PARAMETER.
> <262> Section 3.3.5.9: Windows-based servers fail the CREATE request with=
 STATUS_INVALID_PARAMETER if the file name in the Buffer field of the reque=
st begins in the form "subfolder\..\", for example "x\..\y.txt".
> =

> Please note that we will be further updating the spec to clarify that the=
 Client MUST resolve any dot directory names before sending the request to =
the server, and the Server SHOULD fail requests containing dot directory na=
mes. =

> =

> Best regards,
> Jeff McCashland | Senior Escalation Engineer | Microsoft Protocol Open Sp=
ecifications Team =

> Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00)=
 Pacific Time (US and Canada)
> Local country phone number found here: http://support.microsoft.com/globa=
lenglish | Extension 1138300
> We value your feedback.=A0 My manager is Natesha Morrison (namorri), +1 (=
704) 430-4292
> =

> -----Original Message-----
> From: Jeff McCashland =

> Sent: Wednesday, June 17, 2020 10:26 AM
> To: Volker.Lendecke@SerNet.DE
> Cc: cifs-protocol@lists.samba.org; support <support@mail.support.microsof=
t.com>
> Subject: RE: [EXTERNAL] Re: SMB2_CREATE pathname "x\..\y.txt" -> STATUS_I=
NVALID_PARAMETER? [120061624003369]
> =

> Hi Volker,
> =

> I will be raising the issue with the content team to consider documenting=
 the behavior. =

> =

> Please let me know if you have further concerns. =

> =

> Best regards,
> Jeff McCashland | Senior Escalation Engineer | Microsoft Protocol Open Sp=
ecifications Team
> Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00)=
 Pacific Time (US and Canada) Local country phone number found here: http:/=
/support.microsoft.com/globalenglish | Extension 1138300 We value your feed=
back.=A0 My manager is Jeremy Chapman (jeremyc), +1 (469) 775-2475
> =

> -----Original Message-----
> From: Volker Lendecke <Volker.Lendecke@SerNet.DE>
> Sent: Tuesday, June 16, 2020 4:13 PM
> To: Jeff McCashland <jeffm@microsoft.com>
> Cc: cifs-protocol@lists.samba.org; support <support@mail.support.microsof=
t.com>
> Subject: [EXTERNAL] Re: SMB2_CREATE pathname "x\..\y.txt" -> STATUS_INVAL=
ID_PARAMETER? [120061624003369]
> =

> On Tue, Jun 16, 2020 at 11:07:18PM +0000, Jeff McCashland wrote:
> > You found some interesting code that I did not find documentation for. =

> > However, it is necessary to violate the spec in order to hit it, so it =

> > isn't something we would document.
> > =

> > Please note:
> > [FSCC]
> > 2.1.5 Pathname
> > 2.1.5.1	Dot Directory Names
> > Except where explicitly permitted, a pathname component that is a dot =

> > directory name MUST NOT be sent over the wire.
> =

> Yep, I know that snippet. My problem is that this does not document that =
doing this leads to INVALID_PARAMETER and not INVALID_OBJECT_NAME or some o=
ther error message.
> =

> > That being said, Windows Server parses the filename after the check =

> > for DFS normalization, and attempts to remove/resolve any "." or ".."
> > references in order to reduce the buffer size. If it finds "\..\", it =

> > searches the string before that point for an earlier "\"
> > separator to find the parent directory. In the test you mentioned for =

> > "x\..\y.txt", there is no earlier separator. When this routine fails, =

> > it returns INVALID_PARAMETER. Note that an open to "x\y\..\z.txt"
> > would not fail this routine (but it is still a violation, so might =

> > fail otherwise).
> =

> I'll try that, thanks for the hint.
> =

> > Please let me know if you have further concerns on this issue. =

> =

> Well, I would have thought that any behaviour visible on the network woul=
d be documented in the spec, but apparently I was wrong...
> =

> Thanks,
> =

> Volker

-- =

SerNet GmbH, Bahnhofsallee 1b, 37081 G=F6ttingen
phone: 0551-370000-0, mailto:kontakt@sernet.de
Gesch.F.: Dr. Johannes Loxen und Reinhild Jung
AG G=F6ttingen: HR-B 2816 - http://www.sernet.de

_______________________________________________
cifs-protocol mailing list
cifs-protocol@lists.samba.org
https://lists.samba.org/mailman/listinfo/cifs-protocol
[prev in list] [next in list] [prev in thread] [next in thread] 