[jcifs] Domain Corruption Quantified (Win98/ME non-compliance with CIFS std)

Allen, Michael B (RSCH) Michael_B_Allen at ml.com
Wed Dec 4 16:32:33 EST 2002


Ok. Good. Thanks.

> -----Original Message-----
> From:	Matthew Tippett [SMTP:matthew.tippett at sympatico.ca]
> Sent:	Wednesday, December 04, 2002 12:20 AM
> To:	jcifs at lists.samba.org
> Subject:	Re: [jcifs] Domain Corruption Quantified (Win98/ME non-compliance with CIFS std)
> 
> The behaviour if the buffer area is unused results in the same 
> behaviour.  Java initialises the byte array as an array of zeros.
> Thus after a negotiate with a Win98/ME box the domain is "".
> 
> Having a domain = "" causes no issues for 98/ME, which is why this 
> problem hasn't surfaced previously.
> 
> Regards,
> 
> Matthew
> 
> Allen, Michael B (RSCH) wrote:
> > No, the Negotiate response.
> > 
> > If you look at the capture in cifs-winme.pcap you can see that in the 
> > negotiate response there is simply no domain.  If you capture a response 
> > from a later version of windows, there is the domain (as per the CIFS 
> > standard).
> > 
> > The NetServerEnum2 request was more of a distraction as it turned out, 
> > the damage had already been done by the Negotiate.
> > 
> > With that extra bit of information, the rest of my previous email 
> > remains true.
> > 
> > 
> > 	I see. This is actually just a bug in jCIFS. If the byteCount is not greater than
> > 	the 8 byte challenge then we should not try and decode a domain name. This
> > 	is easily fixed by throwing an if( byteCount > encryptionKeyLength ) ... else
> > 	oemDomainName = new String() around that domain name decoder in
> > 	readBytesWireFormat of SmbComNegotiateResponse. The question is -- what
> > 	will happen when we pass "" as the domain name in the NetServerEnum2? Can
> > 	you try it?
> > 
> > 	  http://users.erols.com/jcifs/jcifs-0.7.0b9dom.jar
> > 
> > 
> > 
> 
> -- 
> Matthew Tippett - matthew.tippett at sympatico.ca - (416) 435-4118
> Technology Forum - http://www.technology-forum.org/
> Commercial Open Source - http://www.commercialos.org/
> 
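
The length check proposed in the quoted message, shown as an added example (not jCIFS source and not code from this thread). The class and method names, the US-ASCII stand-in for the OEM code page, and the reused buffer with leftover bytes are assumptions constructed for illustration.

```java
import java.nio.charset.StandardCharsets;

public class NegotiateDomainExample {
    static final int KEY_LEN = 8; // the 8 byte challenge mentioned in the thread

    // Constructed "before": decodes a name after the challenge without consulting byteCount.
    static String decodeUnchecked(byte[] buf, int off) {
        int start = off + KEY_LEN, end = start;
        while (end < buf.length && buf[end] != 0) end++;
        return new String(buf, start, end - start, StandardCharsets.US_ASCII);
    }

    // Guarded: decode only when byteCount says bytes follow the challenge,
    // and never scan past the end of the data area.
    static String decodeChecked(byte[] buf, int off, int byteCount) {
        if (byteCount <= KEY_LEN) return "";
        int start = off + KEY_LEN, end = start;
        int limit = Math.min(off + byteCount, buf.length);
        while (end < limit && buf[end] != 0) end++;
        return new String(buf, start, end - start, StandardCharsets.US_ASCII);
    }

    // Builds a constructed receive buffer: leftover bytes first, then the new data area on top.
    static byte[] receive(byte[] dataArea) {
        byte[] buf = new byte[32];
        byte[] stale = "xxxxxxxxOLDDATA".getBytes(StandardCharsets.US_ASCII);
        System.arraycopy(stale, 0, buf, 0, stale.length);
        System.arraycopy(dataArea, 0, buf, 0, dataArea.length);
        return buf;
    }

    public static void main(String[] args) {
        byte[] key = {1, 2, 3, 4, 5, 6, 7, 8};
        // Win98/ME-style: data area is the challenge only, byteCount == 8
        byte[] me = receive(key);
        // Later Windows-style: challenge followed by a null-terminated domain
        byte[] nt = new byte[KEY_LEN + 10];
        System.arraycopy(key, 0, nt, 0, KEY_LEN);
        System.arraycopy("WORKGROUP".getBytes(StandardCharsets.US_ASCII), 0, nt, KEY_LEN, 9);
        byte[] later = receive(nt);

        System.out.println("unchecked, 98/ME: [" + decodeUnchecked(me, 0) + "]");
        System.out.println("checked,   98/ME: [" + decodeChecked(me, 0, key.length) + "]");
        System.out.println("checked,   later: [" + decodeChecked(later, 0, nt.length) + "]");
    }
}
```

With a freshly allocated, zero-filled buffer the unchecked decoder would also return an empty string, which matches the observation in the thread that the problem stayed hidden in that case.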



