[jcifs] SmbFileOutputStream with append=true misbehaving on a certain NAS

Michael B Allen miallen at ioplex.com
Fri Jan 18 03:31:31 GMT 2008


On Thu, 17 Jan 2008 21:13:25 -0500
"Daniel Tripp" <dtripp at mdisolutions.com> wrote:

> Hello.  I have run into some strange behaviour when using a
> SmbFileOutputStream with append=true.  This behaviour is produced by the
> code below, but only when I try to write to a certain NAS I have in my
> office here; the code runs fine when I write to other network shares around
> the office.  So I am wondering if anyone has seen anything like this before,
> or has any suggestions or other insight into this issue.
> 
> The strange behaviour is that the file produced by the code below is not 2
> bytes, as would be expected.  After running the program, Windows Explorer
> reports the file size as about 900 megs.  The contents of the file produced
> is random garbage which looks suspiciously like the contents of some other
> files that I know to be on this NAS.

Hi Daniel,

This is definitely a bug in the server. And if it's really leaking information as you claim, it's a relatively serious security vulnerability. You might want to try updating the server OS or firmware, or else report it (this is NetApp I suppose?).

But it's also a bug in JCIFS since JCIFS should mimic Windows exactly and presumably there is a protocol sequence emitted by Windows that does yield the correct behavior.

The best course of action is to get a capture of the below code and of Windows doing the right thing with said server. Then we compare in Wireshark, find out what JCIFS is doing differently and fix it.

Unfortunately I don't do much for "Free" anymore but if you get the captures I do at least maintain a TODO list (for when I become a millionaire and decide to fix all of these things).

Just curious but does it make any difference if you create a separate SmbFile instance?

Mike

> There is more strangeness (involving an "SmbException: Incorrect function"
> on the appending write) if I try to write more than two bytes, but I won't
> get into that here.
> 
> If I set the append argument to false, then everything behaves normally.
> 
> I am running JCIFS 1.2.17.  Results on java 1.4 and 1.5 are the same.
> 
> Thanks in advance.
> 
> (substitute your own path / username / password values, naturally)
> 
> ----
> import java.io.*;
> import jcifs.smb.*;
> 
> public class Foo {
>   static public void main(String args_[]) throws Exception {
>     String url = "smb://STORAGE-MDI/Dan/"+System.currentTimeMillis()+".txt";
>     NtlmPasswordAuthentication creds
>       = new NtlmPasswordAuthentication("ntdom", "STORAGE-MDI\\Guest", "dan");
>     SmbFile file = new SmbFile(url, creds);
> 
>     OutputStream outStream1 = new SmbFileOutputStream(file);
>     outStream1.write((byte)'a');
>     outStream1.close();
> 
>     SmbFileOutputStream outStream2 = new SmbFileOutputStream(file, true);
>     outStream2.write((byte)'x');
>     outStream2.close();
>   }
> }
> ----


-- 
Michael B Allen
PHP Active Directory SPNEGO SSO
http://www.ioplex.com/
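
A self-checking version of the reproduction above, added here as an example and not part of either original message: it performs the same create-then-append sequence with a shared and with a separate SmbFile instance, then verifies that the server reports exactly 2 bytes and that they are the bytes written. The class name, server, share and credentials are placeholders, and a failing file is left in place so it can be captured and reported.

```java
import java.io.InputStream;
import java.io.OutputStream;
import jcifs.smb.NtlmPasswordAuthentication;
import jcifs.smb.SmbFile;
import jcifs.smb.SmbFileInputStream;
import jcifs.smb.SmbFileOutputStream;

public class AppendCheck {
    // Placeholders: substitute your own share path and credentials.
    static final String BASE = "smb://SERVER/share/";
    static final NtlmPasswordAuthentication CREDS =
        new NtlmPasswordAuthentication("DOMAIN", "user", "password");

    static void writeByte(SmbFile f, boolean append, char c) throws Exception {
        OutputStream out = new SmbFileOutputStream(f, append);
        try { out.write((byte) c); } finally { out.close(); }
    }

    // Returns true only if the file ends up as exactly the two bytes "ax".
    static boolean run(boolean separateInstances) throws Exception {
        String url = BASE + "appendcheck-" + System.currentTimeMillis()
                   + (separateInstances ? "-separate" : "-shared") + ".txt";
        SmbFile first = new SmbFile(url, CREDS);
        writeByte(first, false, 'a');                       // create, append=false
        writeByte(separateInstances ? new SmbFile(url, CREDS) : first, true, 'x');

        // Fresh instance for verification, so the size is not taken from
        // attributes an earlier instance may have cached.
        SmbFile check = new SmbFile(url, CREDS);
        long len = check.length();
        byte[] head = new byte[2];
        int n = 0, r;
        InputStream in = new SmbFileInputStream(check);
        try {
            // Read back only the two bytes that were written, nothing beyond them.
            while (n < 2 && (r = in.read(head, n, 2 - n)) > 0) n += r;
        } finally { in.close(); }

        boolean ok = len == 2 && n == 2 && head[0] == 'a' && head[1] == 'x';
        System.out.println((ok ? "PASS " : "FAIL ") + url + " length=" + len);
        if (ok) check.delete();   // keep a failing file as evidence for the vendor
        return ok;
    }

    public static void main(String[] args) throws Exception {
        boolean shared = run(false);
        boolean separate = run(true);
        System.exit(shared && separate ? 0 : 1);
    }
}
```

Running it against the affected NAS and against a share that behaves correctly, with a packet capture active, gives the pair of traces to compare.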

