[jcifs] Domain Corruption Quantified (Win98/ME non-compliance with CIFS std)

Matthew Tippett matthew at casero.com
Tue Dec 3 09:36:11 EST 2002


By creating a new buffer (quick fix until Michael weaves his magic), the
problem goes away :).

Yay!

Matt

Matthew Tippett wrote:
> Hello,
> 
> Managed to get the error repeatable. It is a little bit subtle, but 
> still could be quite nasty.  It is a mix of CIFS non-compliance of the
> win98 SMB codebase (as found in 98 and ME, nice one for you Chris).
> 
> Firstly, when reading in a number of bytes from the wire, it is placed
> over a 64k buffer which appears to be re-used.  Now java initialises 
> arrays to be full of '0's.
> 
> Then along comes the first request, the array is nice and pristine, and
> so the code scanning for the nulls finds it straight away and returns a 
> 'null' domain.
> 
> When the next request comes along, the buffer already has some extra 
> data placed into it and so when it parses the data, it puts 'crap' in 
> the URL field.
> 
> The CIFS standard defines the response as having the DOMAIN and DC 
> fields when returning LANMAN2.1 responses.
> 
> The Ethereal protocol dissector for SMB tries to get a string and if 
> the string is null it calls it a day.  This can be seen in the dumps 
> that I have made previously.
> 
> Soo...  To solve this, there are three options:
> 
>     o Look at the capabilities fields and determine if there is a
>       domain
>     o Zero out the buffer (Not recommended)
>     o Look back at the Encryption key length field to determine what
>       the length of the key is.
> 
> I will await guidance for resolution.
> 
> Regards,
> 
> Matthew
> 
> 
> -----
> 
> The information contained in this message is proprietary of Casero Inc.,
> protected from disclosure, and may be privileged. The information is
> intended to be conveyed only to the designated recipient(s) of the
> message. If the reader of this message is not the intended recipient,
> you are hereby notified that any dissemination, use, distribution or
> copying of this communication is strictly prohibited and may be
> unlawful. If you have received this communication in error, please
> notify us immediately by replying to the message and deleting it from
> your computer. Thank you.
> 
>


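The reused-buffer problem described in the quoted message, as an added illustration that is not jcifs code and not from this thread. It is written in Python rather than Java so it runs stand-alone; a 64k bytearray plays the role of the zero-initialised, re-used Java array. Only the tail of a NegProt response is modelled (EncryptionKeyLength, ByteCount, the key bytes, then the optional NUL-terminated OEM domain), the byte values are constructed, and the two parser names are mine. The naive parser scans for the next NUL wherever it is, which on a pristine buffer yields an empty domain and on a re-used buffer yields stale data; the bounded parser combines the third option from the message (use the encryption key length to find where the domain starts) with the response's own ByteCount so it never reads past the bytes that actually arrived.

```python
import struct
from typing import Optional

BUF_SIZE = 64 * 1024  # like jcifs' re-used 64k receive buffer


def build_negotiate_tail(enc_key: bytes, domain: Optional[str]) -> bytes:
    """Constructed tail of a NegProt response (assumed layout for this demo):
    EncryptionKeyLength (1 byte), ByteCount (2 bytes LE), EncryptionKey,
    then the NUL-terminated OEM domain if the server sends one."""
    data = enc_key
    if domain is not None:
        data += domain.encode("ascii") + b"\x00"
    return struct.pack("<BH", len(enc_key), len(data)) + data


def receive_into(buf: bytearray, wire: bytes) -> int:
    """Simulate a socket read into the shared buffer: only the bytes that
    arrived are overwritten, everything after them is whatever was there."""
    buf[: len(wire)] = wire
    return len(wire)


def parse_domain_naive(buf: bytearray, received: int) -> str:
    """Scan for the next NUL after the key, ignoring ByteCount and the
    number of bytes actually received (the behaviour the thread describes)."""
    key_len = buf[0]
    start = 3 + key_len
    end = buf.index(b"\x00", start)  # may land far past the real message
    return buf[start:end].decode("ascii", "replace")


def parse_domain_bounded(buf: bytearray, received: int) -> Optional[str]:
    """Locate the domain via EncryptionKeyLength, and never read beyond the
    ByteCount the server declared or beyond the bytes that were received."""
    key_len = buf[0]
    byte_count = struct.unpack_from("<H", buf, 1)[0]
    start = 3 + key_len
    limit = 3 + byte_count
    if limit > received:
        raise ValueError("ByteCount exceeds the bytes received")
    if start >= limit:
        return None  # server omitted the domain field (Win98/ME behaviour)
    end = buf.find(b"\x00", start, limit)
    if end < 0:
        raise ValueError("domain string not terminated within ByteCount")
    return buf[start:end].decode("ascii")


def demo() -> dict:
    """Replay the sequence from the thread: a domain-less response on a
    pristine buffer, a compliant response, then a domain-less one again."""
    buf = bytearray(BUF_SIZE)  # zero-filled, as a fresh Java byte[] would be
    key = b"\x11\x22\x33\x44\x55\x66\x77\x88"  # constructed challenge bytes
    win98 = build_negotiate_tail(key, None)  # non-compliant: no DOMAIN field
    compliant = build_negotiate_tail(key, "WORKGROUP")
    out = {}

    n = receive_into(buf, win98)
    out["first_naive"] = parse_domain_naive(buf, n)      # '' (NUL found at once)
    out["first_bounded"] = parse_domain_bounded(buf, n)  # None

    n = receive_into(buf, compliant)
    out["compliant_naive"] = parse_domain_naive(buf, n)      # 'WORKGROUP'
    out["compliant_bounded"] = parse_domain_bounded(buf, n)  # 'WORKGROUP'

    n = receive_into(buf, win98)  # shorter message leaves old bytes behind
    out["second_naive"] = parse_domain_naive(buf, n)      # stale 'WORKGROUP'
    out["second_bounded"] = parse_domain_bounded(buf, n)  # None
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:18} {value!r}")
```

Zeroing the whole 64k buffer before every read (the "not recommended" option) would also hide the stale bytes, but at a cost on every receive; bounding the scan by ByteCount and the received length costs nothing and additionally turns a malformed or truncated response into an explicit error instead of a silently wrong field.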
