[jcifs] there is a mistake in jcifs-1.2.9.jar about SmbFile constructor

Paul Ling drpaulling at msn.com
Tue Dec 12 23:03:11 GMT 2006


What do you mean? Not escaped?

If I use a URL such as:
     smb://administrator:ab%mx@10.10.1.140/record
then you will get the following exception at the first SmbFile constructor call.

java.net.MalformedURLException: For input string: "mx"
	at java.net.URL.<init>(URL.java:601)
	at jcifs.smb.SmbFile.<init>(SmbFile.java:437)

If the password is escaped in the URL string, you will get the same exception at the 
second SmbFile constructor call.  Is it not a problem?

Paul Ling

>From: Michael B Allen <mba2000 at ioplex.com>
>To: "Paul Ling" <drpaulling at msn.com>
>Subject: Re: [jcifs] there is a mistake in jcifs-1.2.9.jar about SmbFile 
>constructor
>Date: Tue, 12 Dec 2006 15:54:05 -0500
>
>Ok, so it's not escaped. Whatever the URL class wants is what SmbFile
>accepts. See the API documentation for the URL class.
>
>Also, you should never use credentials in the URL anyway. Use the
>NtlmPasswordAuthentication class.
>
>Mike
>
>PS: Please send all messages to the jcifs mailing list.
>
>On Wed, 13 Dec 2006 03:32:20 +0800
>"Paul Ling" <drpaulling at msn.com> wrote:
>
> > Michael:
> >
> > Please try the following code sample, the real password is "ab%mx".
> >
> > try {
> > 	String url = "smb://administrator:ab%25mx@10.10.1.140/record";
> > 	SmbFile smbfile = new SmbFile(url);
> > 	SmbFile subfile = new SmbFile(smbfile, "write.txt");
> > } catch (IOException e) {
> > 	e.printStackTrace();
> > }
> >
> >
> >
> > >From: Michael B Allen <mba2000 at ioplex.com>
> > >To: "Paul Ling" <drpaulling at msn.com>
> > > >Subject: Re: [jcifs] there is a mistake in jcifs-1.2.9.jar about SmbFile
> > > >constructor
> > >Date: Mon, 11 Dec 2006 13:56:31 -0500
> > >
> > >This uses the URI class. If you find a problem using URL, let us know.
> > >
> > >Mike
> > >
> > >On Tue, 12 Dec 2006 02:25:18 +0800
> > >"Paul Ling" <drpaulling at msn.com> wrote:
> > >
> > > > Code Sample
> > > > > URI uri = new URI("smb", "administrator:%?$ ;\\,./:#@*&!^()-+_=|~<>`",
> > > > > "10.10.1.140", -1, "/record", null, null);
> > > > SmbFile smbfile = new SmbFile(uri.toASCIIString());
> > > > SmbFile subfile = new SmbFile(smbfile, "write.txt");
> > > >
> > > > > you can trace into the second constructor of SmbFile() and get the following
> > > > > exception:
> > > > java.net.MalformedURLException: For input string: "?$"
> > > > at java.net.URL.<init>(URL.java:601)
> > > > at jcifs.smb.SmbFile.<init>(SmbFile.java:457)
> > > >
> > > > > I use URI to encode the URL for SmbFile only. If you don't want to use it,
> > > > > you can send an escaped URL string to the first SmbFile constructor. If I send
> > > > > the escaped password in this sample then the server of the shared folder
> > > > > will fail to verify the password.
> > > >
> > > >
> > > > >From: Michael B Allen <mba2000 at ioplex.com>
> > > > >To: "Paul Ling" <drpaulling at msn.com>
> > > > >CC: jcifs at lists.samba.org
> > > > > >Subject: Re: [jcifs] there is a mistake in jcifs-1.2.9.jar about SmbFile
> > > > > >constructor
> > > > >Date: Sat, 9 Dec 2006 00:43:17 -0500
> > > > >
> > > > >On Sat, 09 Dec 2006 09:08:24 +0800
> > > > >"Paul Ling" <drpaulling at msn.com> wrote:
> > > > >
> > > > > > Hi,
> > > > > >
> > > > > > > I think there is a mistake in jcifs-1.2.9.jar about the SmbFile constructor that
> > > > > > > accepts a parent SmbFile and sub name as parameters, if the parent SmbFile has
> > > > > > > a user password and the password includes the characters "%,?,
> > > > > > > ,\,/,#,@,^,|,<,>,`,Tab".
> > > > > >
> > > > > > The reason is at jcifs.smb.Handler.parseURL(), Line 94:
> > > > > >         try {
> > > > > >             userinfo = unescape( userinfo );
> > > > > >         } catch( UnsupportedEncodingException uee ) {
> > > > > >         }
> > > > > >
> > > > > > > The userInfo of java.net.URL has been unescaped. It should not be unescaped
> > > > > > > here again.
> > > > >
> > > > > >Since when? I distinctly recall users escaping these characters so if
> > > > > >what you say is true they would have reported this problem long ago. Can
> > > > > >you post a very simple example that clearly illustrates the failure? One
> > > > > >that does not use java.net.URI?
> > > > >
> > > > > > BTW, the userInfo of java.net.URI is escaped.
> > > > >
> > > > > >I think switching to URI could be dangerous since java.net.URL is hooked
> > > > > >deeply into these APIs. Any change in semantics and we could be trying to
> > > > > >hash out subtle bugs for weeks. That sounds like something for JCIFS 2.0.
> > > > >
> > > > >--
> > > > >Michael B Allen
> > > > >PHP Active Directory SSO
> > > > >http://www.ioplex.com/
> > > >
> > > >
> > >
> > >
> > >--
> > >Michael B Allen
> > >PHP Active Directory SSO
> > >http://www.ioplex.com/
> >
> >
>
>
>--
>Michael B Allen
>PHP Active Directory SSO
>http://www.ioplex.com/
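
As an added illustration of the failure discussed in this thread (not code from the original messages or from jCIFS): percent-decoding is not idempotent, so userinfo that has already been unescaped and is unescaped again is either rejected or silently turned into a different password. `percentDecode` is a hypothetical ASCII-only helper standing in for an unescape step, and `ab%41x` is a constructed second password.

```java
import java.net.URI;

public class DoubleUnescapeDemo {

    // Hypothetical stand-in for a userinfo unescape step (ASCII only, for brevity).
    static String percentDecode(String s) {
        StringBuilder out = new StringBuilder();
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if (c != '%') {
                out.append(c);
                continue;
            }
            // A '%' must be followed by exactly two hex digits.
            int hi = i + 2 < s.length() ? Character.digit(s.charAt(i + 1), 16) : -1;
            int lo = i + 2 < s.length() ? Character.digit(s.charAt(i + 2), 16) : -1;
            if (hi < 0 || lo < 0) {
                throw new IllegalArgumentException("invalid escape at index " + i + " in \"" + s + "\"");
            }
            out.append((char) (hi * 16 + lo));
            i += 2;
        }
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        // "ab%mx" is the password from the thread; "ab%41x" is constructed for this example.
        for (String password : new String[] {"ab%mx", "ab%41x"}) {
            // The multi-argument URI constructor always quotes '%' in the userinfo.
            URI uri = new URI("smb", "administrator:" + password, "10.10.1.140", -1, "/record", null, null);
            String once = percentDecode(uri.getRawUserInfo());
            System.out.println(uri.toASCIIString());
            System.out.println("  decoded once : " + once);
            try {
                // Second pass over already-decoded userinfo: the double-unescape case.
                System.out.println("  decoded twice: " + percentDecode(once));
            } catch (IllegalArgumentException e) {
                System.out.println("  decoded twice: rejected, " + e.getMessage());
            }
        }
    }
}
```

The second password shows the quieter variant: the second pass does not throw, it produces a different string, which would surface only as an authentication failure.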
