[jcifs] Domain Corruption Quantified (Win98/ME non-compliance with CIFS std)

Matthew Tippett matthew.tippett at sympatico.ca
Wed Dec 4 00:22:52 EST 2002

Allen, Michael B (RSCH) wrote:
> When the next request comes along, the buffer already has some extra 
> data placed into it and so when it parses the data, it puts 'crap' in 
> the URL field.
> 	Do you mean a domain in the domain enum response is not properly null
> 	terminated? I'm not sure I understand. What field of what response exactly? Is
> 	it the name member in the ServerInfo1 structure of NetServerEnum2 response
> 	that's not null terminated properly? Can you get a -Dlog=ALL if ethereal is not
> 	picking this up properly?

No, the Negotiate response.

If you look at the capture in cifs-winme.pcap you can see that in the 
negotiate response there is simply no domain.  If you capture a response 
from a later version of windows, there is the domain (as per the CIFS 

The NetServerEnum2 request was more of a distraction as it turned out, 
the damage had already been done by the Negotiate.

With that extra bit of information, the rest of my previous email 
remains true.
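
The failure mode discussed in this thread, as an added example that is not part of the original message and is not jcifs code: a reused receive buffer holds leftover bytes, the negotiate data block carries only the key and no domain, and a string read that ignores ByteCount picks up the leftovers. The class and method names, the 8-byte key, the OEM (ASCII) string encoding and the buffer contents are all assumptions constructed for illustration.

```java
import java.nio.charset.StandardCharsets;

public class NegotiateDomainDemo {
    // Unbounded read: scans for a NUL anywhere in the buffer and ignores
    // ByteCount, so it can return bytes that belong to an earlier message.
    static String readUnbounded(byte[] buf, int off) {
        int end = off;
        while (end < buf.length && buf[end] != 0) end++;
        return new String(buf, off, end - off, StandardCharsets.US_ASCII);
    }

    // Bounded read: never looks past the data block announced by ByteCount.
    // Returns null when the server sent no domain field at all.
    static String readBounded(byte[] buf, int dataStart, int byteCount, int keyLen) {
        int off = dataStart + keyLen;
        int limit = Math.min(dataStart + byteCount, buf.length);
        if (off >= limit) return null;      // domain field absent
        int end = off;
        while (end < limit && buf[end] != 0) end++;
        return new String(buf, off, end - off, StandardCharsets.US_ASCII);
    }

    public static void main(String[] args) {
        byte[] buf = new byte[64];          // receive buffer reused across responses
        int dataStart = 0;                  // assumed offset of the data block
        int keyLen = 8;                     // assumed key length

        // Constructed leftover from an earlier response in the same buffer.
        byte[] stale = "xxxxxxxxSTALE-DATA\0".getBytes(StandardCharsets.US_ASCII);
        System.arraycopy(stale, 0, buf, 0, stale.length);

        // Constructed negotiate data block: key only, ByteCount = 8, no domain.
        byte[] key = {1, 2, 3, 4, 5, 6, 7, 8};
        System.arraycopy(key, 0, buf, dataStart, key.length);
        int byteCount = key.length;

        System.out.println("unbounded: " + readUnbounded(buf, dataStart + keyLen));
        System.out.println("bounded:   " + readBounded(buf, dataStart, byteCount, keyLen));
    }
}
```

Treating a missing domain as an absent value, rather than reading on until a terminator turns up, keeps a short response from a non-compliant server from leaking earlier buffer contents into later parsing.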



