[cifs-protocol] Cannot uncompress SMB3 LZ77 payload
Aurélien Aptel
aaptel at suse.com
Fri Jul 5 14:51:16 UTC 2019
Hi Stefan,
Good work on figuring out the new edgecase!
"Stefan Metzmacher" <metze at samba.org> writes:
> Actually I missed the last 00 byte, so the length field is 4 byte not 3.
Yes I figured that out too eventually.
> This patch fixes the decompression:
>
> --- lz77decompress-example1a.py 2019-07-05 15:08:16.145761364 +0200
> +++ lz77decompress-example1b.py 2019-07-05 15:40:20.824646872 +0200
> @@ -81,6 +81,10 @@ def decode(ibuf):
> # read 2 bytes from InputPosition
> MatchLength = struct.unpack_from('<H', ibuf,
> InputPosition)[0]
> InputPosition += 2
> + if MatchLength == 0:
> + # read 4 bytes from InputPosition
> + MatchLength = struct.unpack_from('<I',
> ibuf, InputPosition)[0]
> + InputPosition += 4
I have not done thorough testing but it seems to be working ok so
far. I've added support for it in wireshark [1].
> Can you extent this thread to dochelp at microsoft.com
> (and still cc: cifs-protocol at lists.samba.org)
Sure. I will start a new thread with the new info.
Cheers,
1: https://code.wireshark.org/review/c/33855/
--
Aurélien Aptel / SUSE Labs Samba Team
GPG: 1839 CB5F 9F5B FB9B AA97 8C99 03C8 A49B 521B D5D3
SUSE Linux GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany
GF: Felix Imendörffer, Mary Higgins, Sri Rasiah HRB 21284 (AG Nürnberg)
More information about the cifs-protocol
mailing list