[jcifs] jcifs-0.7.19 released
Michael B Allen
mba2000 at ioplex.com
Fri Jan 23 04:37:55 GMT 2004
Thu Jan 22 23:00:10 EST 2004
jcifs-0.7.19 released
It was discovered that signing doesn't work under certain conditions. A
field in SmbComNTCreateAndX was not being decoded, the read buffer of
SmbComReadAndX was being ignored, and the sign() and verify() routines need
synchronization to prevent them from being called at the same time. These
problems have been fixed but there is still another very obscure signing
error that was not fixed. It may be a bug in Windows. See
docs/signprob.txt.
--8<--
part of docs/signprob.txt posted to CIFSDICUSS and samba-technical:
It's always a readandx response after a writeandx when reading and writing
to the same host (different transports or multiplexed over the same one
doesn't matter). If the ACKs of a response piggie-back on the next SMB,
verification is ok. Meaning, if there's a quick succession of read,
write, read, write, ... after about 20 there's enough delay that an ACK
get's in there and verification fails. If I add a 100ms delay between
each message signature verification fails reproducibly after the second
readandx It looks like this:
<tcon preamble>
send: readandx
recv: readandx resp
ACK
send: writeandx
recv: writeandx resp
ACK
send: readandx
recv: readandx resp <- Unverifiable signature
Every time.
Of course I've been through the obvious stuff like double checking the
byte counts passed to the digest. I've designed the test program so
it just reads 32 bytes of 'I' and writes 32 bytes of 'O' so it's not
the payload. If I ignore that readandx response verification failure
the program completes without error. So the sequence counter or other
long term state isn't getting mixed up.
More information about the jcifs
mailing list