none
[MS-CIFS] NT_TRANSACT_QUERY_SECURITY_DESC response - Undocumented error code - STATUS_BUFFER_TOO_SMALL RRS feed

  • Question

  • Hi,

    I believe that the list of error codes for NT_TRANSACT_QUERY_SECURITY_DESC ([MS-CIFS] 2.2.7.6.2) needs to include STATUS_BUFFER_TOO_SMALL.

    This error code is sent by Windows Server 2003 SP2 when the MaxDataCount value of the request is not sufficient to store the security descriptor (The response has LengthNeeded set and SecurityDescriptor is remained empty).

    This is a special case that is not documented.

    I'm sending packet capture to dochelp (at) microsoft.com

    Thanks

    Monday, September 25, 2017 11:44 PM

Answers

  • Hi Tal,

    Thank you for the post and report.  We have reviewed the trace and we agree with your findings.  The error code 0xC0000023 is being returned in the response when the buffer is too small.  

    A request has been filed to update MS-CIFS  2.2.7.6.2 section to have STATUS_BUFFER_TOO_SMALL added into the table.

    Best regards,

    Nathan Manis


    Tuesday, September 26, 2017 5:03 PM
    Moderator

All replies

  • Hi Tal,

    Thank you for raising your issue regarding the undocumented error code for the SMB1/CIFS protocol documentation. I have created a service request for this issue and added the packet capture you provided. A member of the open specifications team will be engaging with you here regarding the issue. 

    Sincerely,

    Will Gregg | open specifications team

    Monday, September 25, 2017 11:58 PM
    Moderator
  • Hi Tal,

    Thank you for the post and report.  We have reviewed the trace and we agree with your findings.  The error code 0xC0000023 is being returned in the response when the buffer is too small.  

    A request has been filed to update MS-CIFS  2.2.7.6.2 section to have STATUS_BUFFER_TOO_SMALL added into the table.

    Best regards,

    Nathan Manis


    Tuesday, September 26, 2017 5:03 PM
    Moderator
  • Thank you Nathan,

    I believe that [MS-CIFS] 3.3.5.59.5 needs to be updated as well, this is currently the text:

    If the request fails, the server MUST return an error response indicating the error that caused the failure; otherwise, the server MUST return an NT_TRANSACT_QUERY_SECURITY_DESC Response (section 2.2.7.6.2).

    The text needs to be updated to reflect the fact that error code 0xC0000023 uses the NT_TRANSACT_QUERY_SECURITY_DESC Response with LengthNeeded being set and SecurityDescriptor remained empty.


    • Edited by Tal Aloni Tuesday, September 26, 2017 5:39 PM
    Tuesday, September 26, 2017 5:36 PM
  • Hi Tal,

    Thank you for the additional update.  We have filed a request to also update MS-CIFS section 3.3.5.59.5 to note the return behavior when the error condition when buffer is too small  (0xC0000023).  We have included the feedback above too in the request.

    Thanks again,

    Nathan

    Wednesday, September 27, 2017 5:17 PM
    Moderator