[jcifs] jcifs-0.7.19 released

Michael B Allen mba2000 at ioplex.com
Fri Jan 23 04:37:55 GMT 2004


Thu Jan 22 23:00:10 EST 2004
jcifs-0.7.19 released

It  was  discovered  that  signing doesn't work under certain conditions. A
field  in  SmbComNTCreateAndX  was  not  being  decoded, the read buffer of
SmbComReadAndX was being ignored, and the sign() and verify() routines need
synchronization  to  prevent them from being called at the same time. These
problems  have  been  fixed but there is still another very obscure signing
error   that   was   not   fixed.   It   may  be  a  bug  in  Windows.  See
docs/signprob.txt.

--8<--
part of docs/signprob.txt posted to CIFSDICUSS and samba-technical:

It's always a readandx response after a writeandx when reading and writing
to the same host (different transports or multiplexed over the same one
doesn't matter). If the ACKs of a response piggie-back on the next SMB,
verification is ok. Meaning, if there's a quick succession of read,
write, read, write, ... after about 20 there's enough delay that an ACK
get's in there and verification fails. If I add a 100ms delay between
each message signature verification fails reproducibly after the second
readandx It looks like this:

  <tcon preamble>
  send: readandx
  recv: readandx resp
  ACK
  send: writeandx
  recv: writeandx resp
  ACK
  send: readandx
  recv: readandx resp <- Unverifiable signature

Every time.

Of course I've been through the obvious stuff like double checking the
byte counts passed to the digest. I've designed the test program so
it just reads 32 bytes of 'I' and writes 32 bytes of 'O' so it's not
the payload.  If I ignore that readandx response verification failure
the program completes without error. So the sequence counter or other
long term state isn't getting mixed up.


More information about the jcifs mailing list