[cifs-protocol] [REG:119070521001876] SMB3 LZ77 decompression issues
Edgar Olougouna
edgaro at microsoft.com
Fri Jul 12 21:39:30 UTC 2019
Aurélien,
Upon review, we noticed there is additional logic to handle values larger than 1 << 16 for the MatchLength. The second change here is that we subtract 15 from the MatchLength instead of 15 + 7. See additions on lines 37 to 39. Let us know whether this helps.
We are also taking the opportunity to review other variants of LZ77.
LEFT: C:\temp\olddoc.txt
RIGHT: C:\temp\newdoc.txt
1
BufferedFlags = 0
2
BufferedFlagCount = 0
3
InputPosition = 0
4
OutputPosition = 0
5
LastLengthHalfByte = 0
6
Loop until break instruction or error
7
If BufferedFlagCount == 0
8
BufferedFlags = read 4 bytes at InputPosition
9
InputPosition += 4
10
BufferedFlagCount = 32
11
BufferedFlagCount = BufferedFlagCount – 1
12
If (BufferedFlags & (1 << BufferedFlagCount)) == 0
13
Copy 1 byte from InputPosition to OutputPosition. Advance both.
14
Else
15
If InputPosition == InputBufferSize
16
Decompression is complete. Return with success.
17
MatchBytes = read 2 bytes from InputPosition
18
InputPosition += 2
19
MatchLength = MatchBytes mod 8
20
MatchOffset = (MatchBytes / 8) + 1
21
If MatchLength == 7
22
If LastLengthHalfByte == 0
23
MatchLength = read 1 byte from InputPosition
24
MatchLength = MatchLength mod 16
25
LastLengthHalfByte = InputPosition
26
InputPosition += 1
27
Else
28
MatchLength = read 1 byte from LastLengthHalfByte position
29
MatchLength = MatchLength / 16
30
LastLengthHalfByte = 0
31
If MatchLength == 15
32
MatchLength = read 1 byte from InputPosition
33
InputPosition += 1
34
If MatchLength == 255
35
MatchLength = read 2 bytes from InputPosition
36
InputPosition += 2
37
+
If MatchLength == 0
38
+
MatchLength = read 8 bytes from InputPosition
39
+
InputPosition += 8 bytes
40
+
If MatchLength < 15
41
Return error.
42
+
MatchLength -= 15
43
MatchLength += 15
44
MatchLength += 7
45
MatchLength += 3
46
For i = 0 to MatchLength – 1
47
Copy 1 byte from OutputBuffer[OutputPosition – MatchOffset]
48
OutputPosition += 1
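Review bot: the 8-byte MatchLength read added on lines 37 to 39 feeds the copy loop on lines 46 to 48 with no visible bound. Nothing shown checks that MatchLength fits in the remaining output space, that MatchOffset does not exceed OutputPosition, or that 8 bytes are still available before InputBufferSize. The only validation is "If MatchLength < 15" on line 40. Since the length now comes straight from the input as a 64-bit value, the pseudocode should state these checks explicitly before line 46 and return an error when any of them fails. Two smaller points: the nesting of lines 40 to 42 is lost in this rendering, so it should be stated whether the "< 15" check and "MatchLength -= 15" sit inside the "MatchLength == 255" branch; and line 39 writes "InputPosition += 8 bytes" where lines 18 and 36 write the increment without a unit.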
COMMENTS:
Thanks,
Edgar
-----Original Message-----
From: Edgar Olougouna
Sent: Friday, July 5, 2019 4:07 PM
To: Aurélien Aptel <aaptel at suse.com>; cifs-protocol at lists.samba.org
Cc: support <support at mail.support.microsoft.com>
Subject: RE: [REG:119070521001876] SMB3 LZ77 decompression issues
Hi Aurélien,
Thank you for following-up. I am in the process of reviewing our implementation.
Regards,
Edgar
-----Original Message-----
From: Aurélien Aptel <aaptel at suse.com>
Sent: Friday, July 5, 2019 3:18 PM
To: Edgar Olougouna <edgaro at microsoft.com>; cifs-protocol at lists.samba.org
Cc: support <support at mail.support.microsoft.com>
Subject: RE: [REG:119070521001876] SMB3 LZ77 decompression issues
Hi Edgar!
"Edgar Olougouna" <edgaro at microsoft.com> writes:
> Aurélien,
> I will take a look at this and follow-up. If you apply the change Metze suggested to the pseudo-code, does it allow you to decompress the payload?
Yes, which would mean the pseudo code in MS-XCA is incomplete.
Cheers,
--
Aurélien Aptel / SUSE Labs Samba Team
GPG: 1839 CB5F 9F5B FB9B AA97 8C99 03C8 A49B 521B D5D3
SUSE Linux GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany
GF: Felix Imendörffer, Mary Higgins, Sri Rasiah HRB 21284 (AG Nürnberg)