[jcifs] Unverifiable Signature when using SmbFileInputStreaminWin2k3

Michael Kerley michael at enkoo.com
Fri Apr 2 18:43:20 GMT 2004

> -----Original Message-----
> From: Michael B Allen [mailto:mba2000 at ioplex.com]
> Sent: Friday, April 02, 2004 9:59 AM
> To: Gary Rambo
> Cc: Michael Kerley; jcifs at samba.org
> Subject: RE: [jcifs] Unverifiable Signature when using
> SmbFileInputStreaminWin2k3
> Gary Rambo said:
> > I'm seeing similar behavior: the computed signature doesn't match the
> > signature in the NT Create AndX Response packet. If I ignore the signature
> > verification failure and continue, each subsequent Read AndX response
> > signature also fails to match the computed signature, except for the
> > closing (zero-byte) Read AndX response signature, which does match the
> > computed value.
> What do you mean exactly by "doesn't match"? Do you just mean the
> signature fails? I don't see how you could know what the server computed
> for the NT Create AndX Response packet. Are you saying you've found a
> discrepancy? When I explored this problem I reduced the inputs so that I
> was only reading and writing a few known bytes (e.g. 20 'x') and verified
> the signatures manually for everything. I only did it once though. I could
> add a delay at strategic points and get it to reproducibly succeed or fail
> on the same message depending on where the delay was.
> Also, did I hear Michael correctly that traffic to the server from a
> *different* host can cause signature verification failure? That's a
> troubling twist. Did you get a capture on the server for that one? Can I
> see it?
> Mike

Yes, unfortunately you heard right.  As Gary said, if I ignore the invalid
signature things proceed just fine.  I verified that the file contents are
identical whether there are 100% valid signatures or if there are some
invalid ones.  (Although our QA guy tells me that if two separate transfers
are started, they will both run for a while and then randomly die - I have
yet to test this.  When I do, I'll get a capture).

I'll send you the capture where the second traffic corrupts the signatures.

