[jcifs] Domain Corruption Quantified (Win98/ME non-compliance with CIFS std)

Matthew Tippett matthew.tippett at sympatico.ca
Wed Dec 4 16:19:37 EST 2002

The behaviour if the buffer area is unused results in the same 
behaviour.  Java initialises the byte array as an array of zeros.
Thus after a negotiate with a Win98/ME box the domain is "".

Having a domain = "" causes no issues for 98/ME, which is why this 
problem hasn't surfaced previously.



Allen, Michael B (RSCH) wrote:
> No, the Negotiate response.
> If you look at the capture in cifs-winme.pcap you can see that in the 
> negotiate response there is simply no domain.  If you capture a response 
> from a later version of windows, there is the domain (as per the CIFS 
> standard).
> The NetServerEnum2 request was more of a distraction as it turned out, 
> the damage had already been done by the Negotiate.
> With that extra bit of information, the rest of my previous email 
> remains true.
> 	I see. This is actually just a bug in jCIFS. If the byteCount is not greater than
> 	the 8 byte challenge then we should not try and decode a domain name. This
> 	is easily fixed by throwing an if( byteCount > encryptionKeyLength ) ... else
> 	oemDomainName = new String() around that domain name decoder in
> 	readBytesWireFormat of SmbComNegotiateResponse. The question is -- what
> 	will happen when we pass "" as the domain name in the NetSeverEnum2? Can
> 	you try it?
> 	  http://users.erols.com/jcifs/jcifs-0.7.0b9dom.jar

Matthew Tippett - matthew.tippett at sympatico.ca - (416) 435-4118
Technology Forum - http://www.technology-forum.org/
Commercial Open Source - http://www.commercialos.org/

More information about the jcifs mailing list