[jcifs] Domain Corruption Quantified (Win98/ME non-compliance with CIFS std)
Matthew Tippett
matthew.tippett at sympatico.ca
Wed Dec 4 16:19:37 EST 2002
The behaviour if the buffer area is unused results in the same
behaviour. Java initialises the byte array as an array of zeros.
Thus after a negotiate with a Win98/ME box the domain is "".
Having a domain = "" causes no issues for 98/ME, which is why this
problem hasn't surfaced previously.
Regards,
Matthew
Allen, Michael B (RSCH) wrote:
> No, the Negotiate response.
>
> If you look at the capture in cifs-winme.pcap you can see that in the
> negotiate response there is simply no domain. If you capture a response
> from a later version of windows, there is the domain (as per the CIFS
> standard).
>
> The NetServerEnum2 request was more of a distraction as it turned out,
> the damage had already been done by the Negotiate.
>
> With that extra bit of information, the rest of my previous email
> remains true.
>
>
> I see. This is actually just a bug in jCIFS. If the byteCount is not greater than
> the 8 byte challenge then we should not try and decode a domain name. This
> is easily fixed by throwing an if( byteCount > encryptionKeyLength ) ... else
> oemDomainName = new String() around that domain name decoder in
> readBytesWireFormat of SmbComNegotiateResponse. The question is -- what
> will happen when we pass "" as the domain name in the NetServerEnum2? Can
> you try it?
>
> http://users.erols.com/jcifs/jcifs-0.7.0b9dom.jar
>
>
>
--
Matthew Tippett - matthew.tippett at sympatico.ca - (416) 435-4118
Technology Forum - http://www.technology-forum.org/
Commercial Open Source - http://www.commercialos.org/
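
The guard discussed in this thread, as an added example (not jCIFS code and not from either poster): decoding the OEM domain name from a Negotiate response data section with and without the byteCount check. The class and method names are hypothetical, the buffers are constructed samples, US-ASCII stands in for the OEM code page, and the "reused buffer" case is an assumption used to show what happens when the bytes after the challenge are not zero.

```java
import java.nio.charset.StandardCharsets;

public class NegotiateDomainDemo {
    static final int ENCRYPTION_KEY_LENGTH = 8; // the 8-byte challenge from the thread

    // Unguarded: scans for a NUL terminator after the challenge and ignores byteCount.
    static String decodeUnguarded(byte[] buf, int off) {
        int start = off + ENCRYPTION_KEY_LENGTH;
        int end = start;
        while (end < buf.length && buf[end] != 0) end++;
        return new String(buf, start, end - start, StandardCharsets.US_ASCII);
    }

    // Guarded: decodes only if byteCount covers more than the challenge,
    // and never reads past the end of the data section.
    static String decodeGuarded(byte[] buf, int off, int byteCount) {
        int start = off + ENCRYPTION_KEY_LENGTH;
        int limit = Math.min(off + byteCount, buf.length);
        if (byteCount <= ENCRYPTION_KEY_LENGTH || limit <= start) return "";
        int end = start;
        while (end < limit && buf[end] != 0) end++;
        return new String(buf, start, end - start, StandardCharsets.US_ASCII);
    }

    // Constructed sample: challenge bytes, then optional trailing bytes, in a 32-byte buffer.
    static byte[] sample(String trailing) {
        byte[] buf = new byte[32]; // zero-initialised by Java
        for (int i = 0; i < ENCRYPTION_KEY_LENGTH; i++) buf[i] = (byte) (i + 1);
        byte[] t = trailing.getBytes(StandardCharsets.US_ASCII);
        System.arraycopy(t, 0, buf, ENCRYPTION_KEY_LENGTH, t.length);
        return buf;
    }

    static void show(String label, byte[] buf, int byteCount) {
        System.out.println(label + " byteCount=" + byteCount
                + " unguarded=[" + decodeUnguarded(buf, 0) + "]"
                + " guarded=[" + decodeGuarded(buf, 0, byteCount) + "]");
    }

    public static void main(String[] args) {
        // Win98/ME style reply: data section holds only the challenge.
        show("unused buffer", sample(""), 8);
        // Same reply, but bytes left over from earlier traffic follow the challenge.
        show("reused buffer", sample("STALE"), 8);
        // Reply that carries a NUL-terminated domain after the challenge.
        show("with domain  ", sample("WORKGROUP"), 8 + 9 + 1);
    }
}
```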