[jcifs] Domain Corruption Quantified (Win98/ME non-compliance with CIFS std)

Allen, Michael B (RSCH) Michael_B_Allen at ml.com
Tue Dec 3 17:46:59 EST 2002


> -----Original Message-----
> From:	Matthew Tippett [SMTP:matthew at casero.com]
> Sent:	Monday, December 02, 2002 5:05 PM
> To:	jcifs at lists.samba.org
> Subject:	[jcifs] Domain Corruption Quantified (Win98/ME non-compliance with CIFS std)
> 
> Hello,
> 
> Managed to get the error repeatable. It is a little bit subtle, but 
> still could be quite nasty.  It is a mix of CIFS non-compliance of the 
> win98 SMB codebase (as found in 98 and ME, nice one for you Chris).
> 
> Firstly, when reading in a number of bytes from the wire, it is placed 
> over a 64k buffer which appears to be re-used.  Now Java initialises 
> arrays to be full of '0's.
> 
> Then along comes the first request, the array is nice and pristine, and 
> so the code scanning for the nulls finds it straight away and returns a 
> 'null' domain.
> 
> When the next request comes along, the buffer already has some extra 
> data placed into it and so when it parses the data, it puts 'crap' in 
> the URL field.
> 
	Do you mean a domain in the domain enum response is not properly null
	terminated? I'm not sure I understand. What field of what response exactly? Is
	it the name member in the ServerInfo1 structure of NetServerEnum2 response
	that's not null terminated properly? Can you get a -Dlog=ALL if ethereal is not
	picking this up properly?

> The CIFS standard defines the response as having the DOMAIN and DC 
> fields when returning LANMAN2.1 responses.
> 
> The ethereal protocol dissector for smb tries to get a string and if 
> the string is null it calls it a day.  This can be seen in the dumps 
> that I have made previously.
> 
> Soo...  To solve this, there are three options,
> 
> 	o Look at the capabilities fields and determine if there is a domain
> 	o Zero out the buffer (Not recommended)
> 	o Look back at the Encryption key length field and determine what the
> length of the key is.
> 
> I will await guidance for resolution.
> 
> Regards,
> 
> Matthew
> 
> 
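The failure mode Matthew describes (a zero-initialised, reused receive buffer plus a null-terminator scan that ignores how many bytes the current frame actually carries) can be reproduced in a few lines. The following is an added illustration, not jCIFS code and not the real SMB_COM_NEGOTIATE wire layout: the frame format here is a constructed stand-in of `[keyLen][key][optional NUL-terminated DOMAIN]`, chosen so that the "look back at the encryption key length" option from the message can locate the domain field, and so that a Win98/ME-style response that simply omits DOMAIN can be contrasted with a compliant one.

```java
import java.nio.charset.StandardCharsets;

public class ReusedBufferDemo {
    // Reused 64k receive buffer. Java zero-initialises it, so on the very first
    // frame a scan past the end of the received bytes hits a NUL immediately
    // and yields an empty domain; on later frames it reads whatever the
    // previous, longer frame left behind.
    static final byte[] BUF = new byte[64 * 1024];

    // Constructed frame layout (stand-in only, NOT the SMB wire format):
    //   [keyLen: 1 byte][key: keyLen bytes][domain: NUL-terminated, optional]
    static byte[] frame(byte[] key, String domain) {
        byte[] d = domain == null ? new byte[0]
                 : (domain + "\0").getBytes(StandardCharsets.US_ASCII);
        byte[] f = new byte[1 + key.length + d.length];
        f[0] = (byte) key.length;
        System.arraycopy(key, 0, f, 1, key.length);
        System.arraycopy(d, 0, f, 1 + key.length, d.length);
        return f;
    }

    // Copy one frame into the shared buffer; returns the frame's byte count,
    // which is the only bound a safe parser should trust.
    static int receive(byte[] f) {
        System.arraycopy(f, 0, BUF, 0, f.length);
        return f.length;
    }

    // Offset where DOMAIN would start: right after the key, found via the
    // key-length field (the third option in the message above).
    static int domainOffset() {
        return 1 + (BUF[0] & 0xFF);
    }

    // Buggy parse: scans for a NUL with no regard to the frame length, so it
    // happily walks into bytes left over from an earlier, longer frame.
    static String domainUnbounded(int off) {
        int end = off;
        while (BUF[end] != 0) end++;   // in this demo BUF always contains a NUL
        return new String(BUF, off, end - off, StandardCharsets.US_ASCII);
    }

    // Fixed parse: the field is absent if the frame ends before it, and the
    // scan never runs past the bytes received for this frame.
    static String domainBounded(int off, int frameLen) {
        if (off >= frameLen) return null;          // Win98/ME-style: no DOMAIN
        int end = off;
        while (end < frameLen && BUF[end] != 0) end++;
        return new String(BUF, off, end - off, StandardCharsets.US_ASCII);
    }

    public static void main(String[] args) {
        byte[] key = {1, 2, 3, 4, 5, 6, 7, 8};          // constructed 8-byte key
        byte[] win98 = frame(key, null);                // omits DOMAIN
        byte[] compliant = frame(key, "WORKGROUP");     // carries DOMAIN

        int n = receive(win98);
        System.out.println("1st frame, pristine buffer: unbounded='"
            + domainUnbounded(domainOffset()) + "' bounded="
            + domainBounded(domainOffset(), n));        // '' vs null

        receive(compliant);       // leaves "WORKGROUP\0" at offset 9
        n = receive(win98);       // overwrites only the first 9 bytes
        System.out.println("3rd frame, stale bytes:     unbounded='"
            + domainUnbounded(domainOffset()) + "' bounded="
            + domainBounded(domainOffset(), n));        // 'WORKGROUP' vs null
    }
}
```

Zeroing the whole 64k buffer before every read (`Arrays.fill(BUF, (byte) 0)`) would also hide the stale bytes, which is why the message lists it as an option, but it only turns the garbage into an empty string and costs a full-buffer write per frame; bounding the scan by the received length reports the missing field as missing.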
