[jcifs] Domain Corruption Quantified (Win98/ME non-compliance with CIFS std)
Allen, Michael B (RSCH)
Michael_B_Allen at ml.com
Tue Dec 3 17:46:59 EST 2002
> -----Original Message-----
> From: Matthew Tippett [SMTP:matthew at casero.com]
> Sent: Monday, December 02, 2002 5:05 PM
> To: jcifs at lists.samba.org
> Subject: [jcifs] Domain Corruption Quantified (Win98/ME non-compliance with CIFS std)
>
> Hello,
>
> Managed to get the error repeatable. It is a little bit subtle, but
> still could be quite nasty. It is a mix of CIFS non compliance of the
> win98 SMB codebase (as found in 98 and ME, nice one for you Chris).
>
> Firstly, when reading in a number of bytes from the wire, it is placed
> over a 64k buffer which appears to be re-used. Now java initialises
> arrays to be full of '0's.
>
> Then along comes the first request, the array is nice and pristine, and
> so the code scanning for the nulls finds it straight away and returns a
> 'null' domain.
>
> When the next request comes along, the buffer already has some extra
> data placed into it and so when it parses the data, it puts 'crap' in
> the URL field.
>
Do you mean a domain in the domain enum response is not properly null
terminated? I'm not sure I understand. What field of what response exactly? Is
it the name member in the ServerInfo1 structure of NetServerEnum2 response
that's not null terminated properly? Can you get a -Dlog=ALL if ethereal is not
picking this up properly?
> The CIFS standard defines the response as having the DOMAIN and DC
> fields when returning LANMAN2.1 responses.
>
> The ethereal protocol-dissector for smb, tries to get a string and if
> the string is null it calls it a day. This can be seen in the dumps
> that I have made previously.
>
> Soo... To solve this, there are three options,
>
> o Look at the capabilities fields and determine if there is a domain
> o Zero out the buffer (Not recommended)
> o Look back at the Encryption key length field to determine what the
> length of the key is.
>
> I will await guidance for resolution.
>
> Regards,
>
> Matthew
>
>
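The buffer-reuse behaviour Matthew describes (a zero-filled array that is reused across reads, and a null-terminator scan that runs past the bytes actually received) can be reproduced outside of SMB. The example below is added here; it is not jCIFS code and does not use the real negotiate-response layout. It assumes a constructed, simplified record `[key_len][key bytes][domain\0]`, where a non-compliant responder simply omits the trailing domain field. `parse_naive` scans for the null wherever it happens to be in the reused buffer, which is the failure mode in the thread: an empty domain on the first read, stale bytes from the previous response on later reads. `parse_bounded` applies the third option from the message (use the key length to find the offset) together with the check a parser always needs: never read past the number of bytes this read actually delivered. All names (`ReusedBuffer`, `parse_naive`, `parse_bounded`, `run_demo`) are hypothetical.

```python
from dataclasses import dataclass
from typing import List, Optional

BUF_SIZE = 64 * 1024  # a reused 64k receive buffer, as described in the thread


@dataclass
class NegotiateTail:
    key: bytes
    domain: Optional[str]  # None means "field not present on the wire"


class ReusedBuffer:
    """Mimics a Java byte[] that is allocated zero-filled once and reused."""

    def __init__(self) -> None:
        self.buf = bytearray(BUF_SIZE)

    def receive(self, data: bytes) -> int:
        # Only the bytes of this response are overwritten; the rest is stale.
        self.buf[: len(data)] = data
        return len(data)


def build_response(key: bytes, domain: Optional[str]) -> bytes:
    """Constructed simplified layout: [key_len][key][domain\\0], domain optional."""
    out = bytes([len(key)]) + key
    if domain is not None:
        out += domain.encode("ascii") + b"\x00"
    return out


def parse_naive(buf: bytearray) -> NegotiateTail:
    """Buggy parse: scans for the terminating null across the whole buffer."""
    key_len = buf[0]
    off = 1 + key_len
    key = bytes(buf[1:off])
    end = buf.index(0, off)  # may land on zero-fill or on a previous response
    return NegotiateTail(key, bytes(buf[off:end]).decode("ascii", "replace"))


def parse_bounded(buf: bytearray, received: int) -> NegotiateTail:
    """Parse that never looks beyond the bytes delivered by this read."""
    if received < 1:
        raise ValueError("short read: no key length byte")
    key_len = buf[0]
    off = 1 + key_len
    if off > received:
        raise ValueError("key length exceeds received bytes")
    key = bytes(buf[1:off])
    if off == received:
        # Responder omitted the domain field entirely (the Win98/ME case).
        return NegotiateTail(key, None)
    end = buf.find(0, off, received)  # bounded scan: stale bytes are invisible
    if end < 0:
        raise ValueError("domain not null-terminated within received data")
    return NegotiateTail(key, bytes(buf[off:end]).decode("ascii"))


def run_demo() -> List[dict]:
    """Three responses into one reused buffer; returns what each parser saw."""
    rb = ReusedBuffer()
    responses = [
        build_response(bytes(range(1, 9)), None),           # non-compliant, pristine buffer
        build_response(b"A" * 8, "WORKGROUP"),              # compliant response
        build_response(b"\x11\x22\x33\x44", None),          # non-compliant, shorter key
    ]
    results = []
    for data in responses:
        n = rb.receive(data)
        results.append(
            {"naive": parse_naive(rb.buf).domain, "bounded": parse_bounded(rb.buf, n).domain}
        )
    return results


if __name__ == "__main__":
    for i, r in enumerate(run_demo(), 1):
        print(f"response {i}: naive={r['naive']!r} bounded={r['bounded']!r}")
```

The third response is the interesting one: the naive parser reports a domain of `AAAAWORKGROUP`, assembled from leftover key bytes and the previous response's domain, while the bounded parser reports that no domain field was present. Zeroing the buffer (the option the message marks as not recommended) would only hide this by turning stale data back into empty strings; bounding every read by the received length removes the class of bug.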