SMB Query FileFsVolumeInformation should allow truncation
This behaviour can only be seen on recent Windows 10 1903 builds, including 18362.295. We have an existing file and we try to open it with Notepad, VCS or python. We will see an error that tells us file can't be found, for Notepad it says "The system cannot find the file specified". When we try to open the same file with Notepad++ everything is fine. Also, Windows Explorer shows us file contents in preview window.
Steps to Reproduce:
Install Windows 10 1903 update. (Windows 1903 OS BUILD 18362.295)
Try to open file with Notepad, VCS, python (os.stat()). Probably other apps are having problems too.
Update: Turns out reproduction requires setting this Windows registry key:
FileInfoCacheLifetime DWORD 0
Without that registry key/value the client works fine.
File gets opened.
File doesn't get open.
Updated by Gordon Ross over 1 year ago
It turns out the problem here was how we handle the case where the client sends an SMB2 Query Info FS with level FileFsVolumeInformation when the specified maximum output space is smaller than the size of a full response. (This is a pretty weird case, protocol-wise.) When the output won't fit, we're supposed to return a truncated response, and STATUS_BUFFER_OVERFLOW
There are two captures attached, before and after the fix.
In frame 118 of ...4.snoop one can see that we return an 18 byte response with no label (because the label woudl not fix)
In frame 175 of ...8.snoop one can see that we return a 24 byte response with the label truncated and the correct status.
With that fix, the Windows 10 client is happy enough to open the file.
While working with MS on this, we found that we should also fill in the
"Volume Create Time" field in this response. Fixed with this change.
Getting truncation to work the way we want while building responses is a little tricky, so this adds some tests to exercise those support functions under truncating conditions.
Updated by Electric Monk about 1 year ago
- Status changed from Pending RTI to Closed
- % Done changed from 0 to 100
commit 25a9a7aaf35c7e4a2b5a57d3875af906147710d5 Author: Gordon Ross <firstname.lastname@example.org> Date: 2021-02-27T18:33:24.000Z 13572 SMB Query FileFsVolumeInformation should allow truncation Reviewed by: Matt Barden <email@example.com> Reviewed by: Yuri Pankov <firstname.lastname@example.org> Reviewed by: C Fraire <email@example.com> Approved by: Robert Mustacchi <firstname.lastname@example.org>