[MS-CIFS]: Common Internet File System (CIFS) Protocol

This topic lists the Errata found in the MS-CIFS document since it was last RSS
published. Since this topic is updated frequently, we recommend that you
subscribe to these RSS or Atom feeds to receive update notifications. Atom
Errata are subject to the same terms as the Open Specifications documentation
referenced.
Errata below are for Protocol Document Version V29.0 – 2020/03/04

Errata
Publishe
d* Description

2020/08/ In Section 2.2.2.3.4 SET Information Level Codes the table was updated
17
Changed from:

Name Code Description Dialect

SMB_INFO_STANDARD 0x00 Set creation, access, and last write LANMAN

01 timestamps. 2.0

SMB_INFO_SET_EAS 0x00 Set a specific list of extended attributes LANMAN

02 (EAs). 2.0

SMB_SET_FILE_BASIC_INF 0x01 Set 64-bit create, access, write, and NT

O 01 change timestamps along with extended LANMAN
file attributes. Not supported for
TRANS2_SET_PATH_INFORMATION (secti
on 2.2.6.7).

SMB_SET_FILE_DISPOSITIO 0x01 Set whether or not the file is marked for NT

N_INFO 02 deletion. Not supported for LANMAN
TRANS2_SET_PATH_INFORMATION (secti
on 2.2.6.7).

SMB_SET_FILE_ALLOCATIO 0x01 Set file allocation size. Not supported for NT

N_INFO 03 TRANS2_SET_PATH_INFORMATION (secti LANMAN
on 2.2.6.7).

SMB_SET_FILE_END_OF_FI 0x01 Set file EOF offset. Not supported for NT

LE_INFO 04 TRANS2_SET_PATH_INFORMATION (secti LANMAN
on 2.2.6.7).

Changed to:

Name Code Description Dialect

SMB_INFO_STANDARD 0x0001 Set creation, access, and last LANMAN2.0

write timestamps.

SMB_INFO_SET_EAS 0x0002 Set a specific list of extended LANMAN2.0

attributes (EAs).
Errata
Publishe
d* Description

SMB_SET_FILE_BASIC_INFO 0x0101 Set 64-bit create, access, NT

write, and change timestamps LANMAN
along with extended file
attributes.

SMB_SET_FILE_DISPOSITION_INFO 0x0102 Set whether or not the file is NT

marked for deletion. LANMAN

SMB_SET_FILE_ALLOCATION_INFO 0x0103 Set file allocation size. NT

LANMAN

SMB_SET_FILE_END_OF_FILE_INFO 0x0104 Set file EOF offset. NT

LANMAN

In Section 2.2.8.4.3 SMB_SET_FILE_BASIC_INFO, the following was changed from:

Changed from:

This information level structure is used in TRANS2_SET_PATH_INFORMATION (section 2.2.6.7)

requests to set the following information for the file specified in the request.<182>

Changed to:

This information level structure is used in TRANS2_SET_PATH_INFORMATION (section 2.2.6.7)

and TRANS2_SET_FILE_INFORMATION (section 2.2.6.9) requests to set the following information
for the file specified in the request.<182>

In Section 2.2.8.4.4 SMB_SET_FILE_DISPOSITION_INFO, the following was changed from:

Changed from:

This information level structure is used in TRANS2_SET_PATH_INFORMATION (section 2.2.6.7)

requests to mark or unmark the file specified in the request for deletion.<183>

Changed to:

This information level structure is used in TRANS2_SET_PATH_INFORMATION (section 2.2.6.7)

and TRANS2_SET_FILE_INFORMATION (section 2.2.6.9) requests to mark or unmark the file
specified in the request for deletion.<183>

In Section 2.2.8.4.5 SMB_SET_FILE_ALLOCATION_INFO, the following was changed from:

Changed from:

This information level structure is used in TRANS2_SET_PATH_INFORMATION (section 2.2.6.7)

requests to set allocation size information for the file specified in the request.<184>

Changed to:
Errata
Publishe
d* Description

This information level structure is used in TRANS2_SET_PATH_INFORMATION (section 2.2.6.7)

and TRANS2_SET_FILE_INFORMATION (section 2.2.6.9) requests to set allocation size information
for the file specified in the request.<184>

In Section 2.2.8.4.6 SMB_SET_FILE_END_OF_FILE_INFO, the following was changed from:

Changed from:

This information level structure is used in TRANS2_SET_PATH_INFORMATION (section 2.2.6.7)

requests to set end-of-file information for the file specified in the request.<185>

Changed to:

This information level structure is used in TRANS2_SET_PATH_INFORMATION (section 2.2.6.7)

and TRANS2_SET_FILE_INFORMATION (section 2.2.6.9) requests to set end-of-file information for
the file specified in the request.<185>

In Section 3.2.4.13 Application Requests Setting File Attributes, the following was added:

When the Information Level is SMB_SET_FILE_ALLOCATION_INFO, the application provides:

● The allocation size of the file in bytes.

When the Information Level is SMB_SET_FILE_END_OF_FILE_INFO, the application provides:

● The absolute new end-of-file position as a byte offset from the start of the file.

2020/06/ In Section 3.1.4.1.1, Command Sequence Requirements, removed SMB_COM_SESSION_SETUP.

22
Changed from:
● Unless otherwise noted, following a successful Protocol Negotiation an
SMB_COM_SESSION_SETUP or SMB_COM_SESSION_SETUP_ANDX (section 2.2.4.53) command
MUST be used to establish an SMB session before any other SMB commands are sent. Multiple
SMB sessions can be set up per SMB connection.

Changed to:
● Unless otherwise noted, following a successful Protocol Negotiation an
SMB_COM_SESSION_SETUP_ANDX (section 2.2.4.53) command MUST be used to establish an
SMB session before any other SMB commands are sent. Multiple SMB sessions can be set up per
SMB connection.

2020/06/ In Section 2.2.2.3.3, QUERY Information Level Codes, revised description for
22 SMB_QUERY_FILE_ALL_INFO changing SMB_FILE_QUERY_STANDARD_INFO to
SMB_QUERY_FILE_STANDARD_INFO & SMB_FILE_EA_INFO to SMB_QUERY_FILE_EA_INFO.

Changed from:

SMB_QUERY_FILE_ALL_INFO
Query the
SMB_QUERY_FILE_BASIC_INFO,
SMB_FILE_QUERY_STANDARD_INFO,
SMB_FILE_EA_INFO, and
SMB_QUERY_FILE_NAME_INFO data as
well as access flags, access mode, and NT
alignment information in a single LANMAN
0x0107 request.

Changed to:

SMB_QUERY_FILE_ALL_INFO
Query the
SMB_QUERY_FILE_BASIC_INFO,
SMB_QUERY_FILE_STANDARD_INFO,
SMB_QUERY_FILE_EA_INFO, and
SMB_QUERY_FILE_NAME_INFO data as
well as access flags, access mode, and NT
alignment information in a single LANMAN
0x0107 request.

In Section 2.2.4.21, SMB_CON_WRITE_AND_UNLOCK, revised response field from

ByteCountWritten to CountOfBytesWritten.

Changed from:
The write and unlock command has the effect of writing to a range of bytes and then unlocking
them. This command is usually associated with an earlier usage of
SMB_COM_LOCK_AND_READ (section 2.2.4.20) on the same range of bytes. The server's
response field ByteCountWritten indicates the number of bytes actually written.

Changed to:
The write and unlock command has the effect of writing to a range of bytes and then unlocking
them. This command is usually associated with an earlier usage of
SMB_COM_LOCK_AND_READ (section 2.2.4.20) on the same range of bytes. The server's
response field CountOfBytesWritten indicates the number of bytes actually written.

In Section 2.2.4.23.2, Response, revised description of DataLength changing

SMB_COM_SESSION_SETUP_AND_X to SMB_COM_SESSION_SETUP_ANDX.

Changed from:
DataLength (2 bytes): This field is the number of bytes read and included in the response. The
value of this field MUST NOT cause the message to exceed the client's maximum buffer size as
specified in MaxBufferSize of the SMB_COM_SESSION_SETUP_AND_X (section 2.2.4.53) client
request.

Changed to:
DataLength (2 bytes): This field is the number of bytes read and included in the response. The
value of this field MUST NOT cause the message to exceed the client's maximum buffer size as
specified in MaxBufferSize of the SMB_COM_SESSION_SETUP_ANDX (section 2.2.4.53) client
request.

In Section 2.2.4.33.2, Response, corrected typo – SMB_COM_TRANSACTION.

Changed from:
The SMB_COM_TRANSACTON response has two possible formats.
Errata
Publishe
d* Description

Changed to:
The SMB_COM_TRANSACTION response has two possible formats.

In Section 2.2.4.64.1, Request, revised description of FILE_OPEN_BY_FILE_ID changing FileId to

FID.

Changed from:

Opens a file based on the FileId. If this option is set, the server
MUST fail the request with STATUS_NOT_SUPPORTED in the Status
FILE_OPEN_BY_FILE_ID field of the SMB Header in the server response.
0x00002000

Changed to:

Opens a file based on the FID. If this option is set, the server
MUST fail the request with STATUS_NOT_SUPPORTED in the Status
FILE_OPEN_BY_FILE_ID field of the SMB Header in the server response.
0x00002000

In Section 2.2.7.1.1, Request, revised description of FILE_OPEN_BY_FILE_ID changing FileId to

FID.

Changed from:

Opens a file based on the FileId. If this option is set, the server
MUST fail the request with STATUS_NOT_SUPPORTED in the Status
FILE_OPEN_BY_FILE_ID field of the SMB Header in the server response.
0x00002000

Changed to:

Opens a file based on the FID. If this option is set, the server
MUST fail the request with STATUS_NOT_SUPPORTED in the Status
FILE_OPEN_BY_FILE_ID field of the SMB Header in the server response.
0x00002000

In Section 2.2.8.1.7, SMB_FIND_FILE_BOTH_DIRECTORY_INFO, revised section 2.2.8.1.5 name

from SMB_FILE_FULL_DIRECTORY_INFO to SMB_FIND_FILE_FULL_DIRECTORY_INFO.

Changed from:
This information level structure is used in TRANS2_FIND_FIRST2 (section 2.2.6.2) and
TRANS2_FIND_NEXT2 (section 2.2.6.3) responses to return a combination of the
SMB_FILE_FULL_DIRECTORY_INFO and SMB_FIND_FILE_NAMES_INFO (section 2.2.8.1.6) data
for all files that match the request's search criteria.

Changed to:
This information level structure is used in TRANS2_FIND_FIRST2 (section 2.2.6.2) and
TRANS2_FIND_NEXT2 (section 2.2.6.3) responses to return a combination of the
SMB_FIND_FILE_FULL_DIRECTORY_INFO (section 2.2.8.1.5) and
SMB_FIND_FILE_NAMES_INFO (section 2.2.8.1.6) data for all files that match the request's search
criteria.
Errata
Publishe
d* Description

In Section 2.2.8.3.10, SMB_QUERY_FILE_ALL_INFO, revised packet names

SMB_QUERY_FILE_STANDARD_INFO and SMB_QUERY_FILE_EA_IINFO.

Changed from:
This information level structure is used in TRANS2_QUERY_PATH_INFORMATION (section 2.2.6.6)
and TRANS2_QUERY_FILE_INFORMATION (section 2.2.6.8) responses to return the
SMB_QUERY_FILE_BASIC_INFO, SMB_FILE_QUERY_STANDARD_INFO, SMB_FILE_EA_INFO, and
SMB_QUERY_FILE_NAME_INFO data as well as access flags, access mode, and alignment
information in a single request for the file specified in the request.

Changed to:
This information level structure is used in TRANS2_QUERY_PATH_INFORMATION (section 2.2.6.6)
and TRANS2_QUERY_FILE_INFORMATION (section 2.2.6.8) responses to return the
SMB_QUERY_FILE_BASIC_INFO, SMB_QUERY_FILE_STANDARD_INFO,
SMB_QUERY_FILE_EA_INFO, and SMB_QUERY_FILE_NAME_INFO data as well as access flags,
access mode, and alignment information in a single request for the file specified in the request.

In Section 3.2.1.4, Per Tree Connect, revised description of Client.TreeConnect.TreeID changing

treeID to TreeID.

Changed from:
Client.TreeConnect.TreeID: The treeID (TID) that identifies this tree connect as returned by the
server in the header of the SMB_COM_TREE_CONNECT Response (section 2.2.4.50.2) or the
SMB_COM_TREE_CONNECT_ANDX Response (section 2.2.4.55.2).
Changed to:
Client.TreeConnect.TreeID: The TreeID (TID) that identifies this tree connect as returned by the
server in the header of the SMB_COM_TREE_CONNECT Response (section 2.2.4.50.2) or the
SMB_COM_TREE_CONNECT_ANDX Response (section 2.2.4.55.2).
In Section 3.2.4.2.4, User Authentication, revised description changing UnicodePasswordLength to
UnicodePasswordLen and OEMPasswordLength to OEMPasswordLen.

Changed from:
● If the server supports Unicode (as indicated in Client.Connection.ServerCapabilities) the
client MAY send the plaintext password in Unicode. The Unicode password is placed into
the UnicodePassword field of the SMB_COM_SESSION_SETUP_ANDX Request as an array
of bytes (not a null-terminated string). No alignment padding is used. The
UnicodePasswordLength field is set to the length, in bytes, of the Unicode password.
● If neither the client nor the server supports Unicode, or the client sends the password
in OEM character set format, the password is placed into the OEMPassword field of the
SMB_COM_SESSION_SETUP_ANDX Request as an array of bytes (not a null-terminated
string). The OEMPasswordLength field is set to the length, in bytes, of the password.
...
The LAN Manager (LM) response and the LAN Manager version 2 (LMv2) response are mutually
exclusive. The implementation MUST select either the LM or the LMv2 response and send it in the
OEMPassword field of the SMB_COM_SESSION_SETUP_ANDX Request as an array of bytes (not a
null-terminated string). The OEMPasswordLength field MUST be set to the length in bytes of the
LM or LMv2 response.
The NT LAN Manager (NTLM) response and the NT LAN Manager version 2 (NTLMv2) response are
mutually exclusive. The implementation MUST select either the NTLM or the NTLMv2 response and
send it in the UnicodePassword field of the SMB_COM_SESSION_SETUP_ANDX Request as an
array of bytes (not a null-terminated string). The UnicodePasswordLength field MUST be set to the
length, in bytes of the NTLM or NTLMv2 response.
Errata
Publishe
d* Description

Changed to:
● If the server supports Unicode (as indicated in Client.Connection.ServerCapabilities) the
client MAY send the plaintext password in Unicode. The Unicode password is placed into
the UnicodePassword field of the SMB_COM_SESSION_SETUP_ANDX Request as an array
of bytes (not a null-terminated string). No alignment padding is used. The
UnicodePasswordLen field is set to the length, in bytes, of the Unicode password.
● If neither the client nor the server supports Unicode, or the client sends the password
in OEM character set format, the password is placed into the OEMPassword field of the
SMB_COM_SESSION_SETUP_ANDX Request as an array of bytes (not a null-terminated
string). The OEMPasswordLen field is set to the length, in bytes, of the password.
...
The LAN Manager (LM) response and the LAN Manager version 2 (LMv2) response are mutually
exclusive. The implementation MUST select either the LM or the LMv2 response and send it in the
OEMPassword field of the SMB_COM_SESSION_SETUP_ANDX Request as an array of bytes (not a
null-terminated string). The OEMPasswordLen field MUST be set to the length in bytes of the LM or
LMv2 response.
The NT LAN Manager (NTLM) response and the NT LAN Manager version 2 (NTLMv2) response are
mutually exclusive. The implementation MUST select either the NTLM or the NTLMv2 response and
send it in the UnicodePassword field of the SMB_COM_SESSION_SETUP_ANDX Request as an
array of bytes (not a null-terminated string). The UnicodePasswordLen field MUST be set to the
length, in bytes of the NTLM or NTLMv2 response.

In Section 3.2.5.1, Receiving Any Message, revised description changing SMB_COM_RAW_READ to

SMB_COM_READ_RAW.

Changed from:
If an SMB_COM_RAW_READ is in progress and the message is a raw data transfer, the message
MUST be handled as described in section 3.2.5.16.

Changed to:
If an SMB_COM_READ_RAW is in progress and the message is a raw data transfer, the message
MUST be handled as described in section 3.2.5.16.

In Section 3.3.5.10, Receiving, corrected typos – TypeofLock to TypeOfLock & NewOplockLevel to

NewOpLockLevel.

Changed from:
● If another process has the file open, and that process has an OpLock on the file, and the process
has asked for extended notification (Batch OpLock), the rename request MUST block until the
server has sent an OpLock break request to the owner of the OpLock, as specified in section
3.3.4.2, and either received a response or the OpLock break time-out has expired.<259> The
server MUST have the OPLOCK_RELEASE flag set in the TypeofLock field of the request. The
server MUST set the NewOplockLevel field of the request to 0x00. If the process holding the
OpLock closes the file (thus freeing the OpLock) the rename takes place. If not, the rename MUST
fail with STATUS_SHARING_VIOLATION.

Changed to:
● If another process has the file open, and that process has an OpLock on the file, and the process
has asked for extended notification (Batch OpLock), the rename request MUST block until the
server has sent an OpLock break request to the owner of the OpLock, as specified in section
3.3.4.2, and either received a response or the OpLock break time-out has expired. The server
MUST have the OPLOCK_RELEASE flag set in the TypeOfLock field of the request. The server MUST
set the NewOpLockLevel field of the request to 0x00. If the process holding the OpLock closes the
file (thus freeing the OpLock) the rename takes place. If not, the rename MUST fail with
STATUS_SHARING_VIOLATION.
 Errata
Publishe
d* Description

In Section 3.3.5.24, Receiving an SMB_COM_READ_RAW, revised description changing

BytesToReturn to MaxCountOfBytesToReturn.

Changed from:
● The server MUST attempt to read from the underlying object store for the file indicated by the
FID in the response. It MUST start reading from the file at the offset indicated by the Offset field
in the request, or by the combination of Offset and OffsetHigh if CAP_LARGE_FILES was
negotiated. The client MUST read BytesToReturn bytes or until EOF, whichever comes first.

Changed to:
● The server MUST attempt to read from the underlying object store for the file indicated by the
FID in the response. It MUST start reading from the file at the offset indicated by the Offset field
in the request, or by the combination of Offset and OffsetHigh if CAP_LARGE_FILES was
negotiated. The client MUST read MaxCountOfBytesToReturn bytes or until EOF, whichever comes
first.

In Section 3.3.5.43, Receiving an SMB_COM_SESSION_SETUP_ANDX Request, revised description

changing IdleTime to Server.Connection.IdleTime.

Changed from:
● The server MUST set CreationTime and IdleTime to be current time.
Changed to:
● The server MUST set CreationTime and Server.Connection.IdleTime to be current time.

In Section 3.3.5.53, Receiving an SMB_COM_NT_RENAME Request, revised description changing

SMB_NT_RENAME_RENAME FILE to SMB_NT_RENAME_RENAME_FILE.

Changed from:
● If the InformationLevel field value is neither SMB_NT_RENAME_RENAME FILE (0x104) nor
SMB_NT_RENAME_SET_LINK_INFO (0x103), the server SHOULD fail the request with
STATUS_INVALID_SMB (ERRSRV/ERRerror).
Changed to:
● If the InformationLevel field value is neither SMB_NT_RENAME_RENAME_FILE (0x104) nor
SMB_NT_RENAME_SET_LINK_INFO (0x103), the server SHOULD fail the request with
STATUS_INVALID_SMB (ERRSRV/ERRerror).

*Date format: YYYY/MM/DD