[jcifs] Passwords longer than 14 characters

Zalewski, Michael J (Michael)** CTR ** mjzalewski at lucent.com
Wed Apr 10 09:23:03 EST 2002


> The first thing to do, I'm afraid, is to go with 0.6.2, which is the
> current production bugfix release.  It should just drop in, I believe.

I tried upgrading to 0.6.2. Almost identical problem:

java.lang.ArrayIndexOutOfBoundsException
	at java.lang.System.arraycopy(Native Method)
	at jcifs.smb.SmbSession.getPreNTLMResponse(SmbSession.java:52)
	at jcifs.smb.SmbComSessionSetupAndX.writeParameterWordsWireFormat(SmbComSessionSetupAndX.java:59)
	at jcifs.smb.AndXServerMessageBlock.writeAndXWireFormat(AndXServerMessageBlock.java:102)
	at jcifs.smb.AndXServerMessageBlock.writeWireFormat(AndXServerMessageBlock.java:72)
	at jcifs.smb.SmbTransport.send(SmbTransport.java, Compiled Code)
	at jcifs.smb.SmbSession.sessionSetup(SmbSession.java:149)
	at jcifs.smb.SmbSession.send(SmbSession.java:124)
	at jcifs.smb.SmbTree.treeConnect(SmbTree.java:122)
	at jcifs.smb.SmbTree.sendTransaction(SmbTree.java:50)
	at jcifs.smb.SmbFile.sendTransaction(SmbFile.java, Compiled Code)
	at jcifs.smb.SmbFile.queryPath(SmbFile.java:764)
	at jcifs.smb.SmbFile.exists(SmbFile.java:819)

This stack trace is nearly identical to the problem in 0.6b9, except for the
line numbers.

This problem occurs whenever you use a password that is longer than 14
characters, when you do something like this:

SmbFile testFile = new SmbFile(
"smb://domain;user:a_very_long_password@machine/share/testfile");
testFile.exists();

You can look at the method getPreNTLMResponse in source SmbSession.java:

    static byte[] getPreNTLMResponse( String password, byte[] challenge ) {
        byte[] p14 = new byte[14];
        byte[] p21 = new byte[21];
        byte[] p24 = new byte[24];

        System.arraycopy( password.toUpperCase().getBytes(), 0, p14, 0, password.length() );
        E( p14, S8, p21);
        E( p21, challenge, p24);
        return p24;
    }

This method allocates a 14 byte array for the password, then copies the
password into the 14 byte array (apparently without ever truncating the
password).

I also tried truncating the password to 14 characters. When I did that, the
ArrayIndexOutOfBounds exception no longer appeared. But I got a
SmbException.ERRnoAccess, which is what I would expect because I gave the
wrong password. 

However, this being Microsoft, I remember reading somewhere that the NT LM
Response may get sent to a server in two forms, encrypted once with the full
password in mixed case, and once with the password converted to upper case
and truncated to 14 characters. JCIFS apparently is doing the upper case
part. But there might be some trick to truncating long passwords.

Michael Zalewski
IBM Global Services
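
An added example, not jcifs code and not part of the original post: the same p14/p21/p24 computation with the copy bounded by the destination size, so a password longer than 14 characters is truncated instead of overrunning p14. It assumes S8 holds the standard LM constant KGS!@#$% and substitutes ISO-8859-1 for the platform default charset; the class name, the des() helper and the sample challenge are constructed for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.util.Locale;

public class LmResponseSketch {
    // Constant encrypted by the LM hash; assumed to be what S8 holds in the post.
    static final byte[] MAGIC = "KGS!@#$%".getBytes(StandardCharsets.US_ASCII);

    // DES-encrypt one 8-byte block under the 7 key bytes at key7[off..off+6].
    static void des(byte[] key7, int off, byte[] in, byte[] out, int outOff) throws Exception {
        long bits = 0;
        for (int i = 0; i < 7; i++) bits = (bits << 8) | (key7[off + i] & 0xFF);
        byte[] key8 = new byte[8]; // 7 key bits per byte; parity bit left 0 (ignored by JCE DES)
        for (int i = 0; i < 8; i++) key8[i] = (byte) (((bits >>> (49 - 7 * i)) & 0x7F) << 1);
        Cipher c = Cipher.getInstance("DES/ECB/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key8, "DES"));
        c.doFinal(in, 0, 8, out, outOff);
    }

    static byte[] lmResponse(String password, byte[] challenge) throws Exception {
        byte[] p14 = new byte[14];
        byte[] p21 = new byte[21];
        byte[] p24 = new byte[24];
        // Assumption: single-byte charset, so one character maps to one byte.
        byte[] pw = password.toUpperCase(Locale.ROOT).getBytes(StandardCharsets.ISO_8859_1);
        // Bound the copy by the destination size: bytes past 14 are dropped, not written.
        System.arraycopy(pw, 0, p14, 0, Math.min(pw.length, p14.length));
        des(p14, 0, MAGIC, p21, 0); // first half of the 16-byte LM hash
        des(p14, 7, MAGIC, p21, 8); // second half; p21[16..20] stay zero
        // Three 7-byte slices of p21 each encrypt the 8-byte challenge.
        for (int i = 0; i < 3; i++) des(p21, 7 * i, challenge, p24, 8 * i);
        return p24;
    }

    public static void main(String[] args) throws Exception {
        byte[] challenge = {1, 2, 3, 4, 5, 6, 7, 8}; // constructed sample challenge
        byte[] r = lmResponse("a_very_long_password", challenge);
        System.out.println(r.length + " bytes, no ArrayIndexOutOfBoundsException");
    }
}
```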
