Win2K: Primary Domain Fld of Ssn Setup Not Properly Zero Term'd

Luke Kenneth Casson Leighton lkcl at samba-tng.org
Mon Aug 26 02:54:04 GMT 2002


On Sun, Aug 25, 2002 at 10:02:49PM -0400, Allen, Michael B (RSCH) wrote:

> Clients should not check for *two* zero bytes after the Primary Domain field Unicode string
> in SMB_COM_SESSION_SETUP_ANDX. You may only get *one* 0x00 byte. I'm almost
> glad this is a bug in Win2K, I thought this was a bug in jCIFS. At least I have two articles of
> evidence suggesting the bug is with Win2K. One is inlined here and the other is a PNG of a
> pcap.
> 
> Aug 21 06:58:52.472 - bad string
> 00000: FF 53 4D 42 73 00 00 00 00 98 01 80 00 00 00 00  |?SMBs...........|
> 00010: 00 00 00 00 00 00 00 00 05 88 56 34 01 F8 04 00  |..........V4.?..|
> 00020: 03 75 00 81 00 00 00 58 00 7C                    |.u.....X.|       
 len1 = 0x58; len2=0x7c    ^^^^^ ^^^^^  
>                                      57 00 69 00 6E 00             W.i.n.|
> 00030: 64 00 6F 00 77 00 73 00 20 00 35 00 2E 00 30 00  |d.o.w.s. .5...0.|
> 00040: 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00  |..W.i.n.d.o.w.s.|
> 00050: 20 00 32 00 30 00 30 00 30 00 20 00 4C 00 41 00  | .2.0.0.0. .L.A.|
> 00060: 4E 00 20 00 4D 00 61 00 6E 00 61 00 67 00 65 00  |N. .M.a.n.a.g.e.|
> 00070: 72 00 00 00 44 00 49 00 56 00 49 00 4E 00 45 00  |r...D.I.V.I.N.E.|
> 00080: 00 30                                            |.0

 0x58 length ends here.

 well, whoopidedoo, that happens to be absolutely spot-on.

 don't know what the 0x7c is about: it's either an incorrectly-specified
 "max" length of the Unicode UCS16 string, or it's something else.

 more examples would help isolate that.


 now.

 who do i send the bill to for my time?



>              2D 4E 00 57 65 73 74 20 63 6F 70 79 20 73     -N.West copy s|
> 00090: 70 6F 74 00 43 75 62 65 20 31 30 31 30 20 43 6F  |pot.Cube 1010 Co|
> 000A0: 6C 6F 72 00 43 75 62 65 20 32 30 30 32 00 4F 66  |lor.Cube 2002.Of|
> 000B0: 66 69 63 65 20 32 30 33 2D 53 00 4C 6F 67 6F 6E  |fice 203-S.Logon|
> 000C0: 20 73 65 72 76 65 72 20 73 68 61 72 65 20 00 4F  | server share .O|
> 000D0: 66 66 69 63 65 20 31 30 30 34 00 4F 66 66 69 63  |ffice 1004.Offic|
> 000E0: 65 20 53 2D 32 30 36 00 4F 66 66 69 63 65 20 32  |e S-206.Office 2|
> 000F0: 30 35 2D 53 00 22 45 76 65 6E 74 20 6C 6F 67 67  |05-S."Event logg|
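Added example (not code from the post, from jCIFS or from Samba): a length-bounded parser for the NativeOS / NativeLanMan / PrimaryDomain strings of the SESSION_SETUP_ANDX response, run over the bytes transcribed from the dump above (offsets 0x00-0x9F). The field names follow the documented response layout; the example takes the 0x7C byte after ByteCount to be the one pad byte that aligns Unicode strings to a 16-bit boundary (an assumption of this example, not a claim the post makes). It reads each string only up to the end of the ByteCount region, so a PrimaryDomain that ends on that boundary with a single 0x00 decodes as "DIVINE" and is flagged as short-terminated, while the unbounded double-null scan beside it runs off the end of the frame, which is the failure a client exposed to this response has to avoid.

```python
"""Length-bounded parsing of the Unicode strings in an SMB_COM_SESSION_SETUP_ANDX
response, using bytes transcribed from the capture quoted in the post above.

Example code, not jCIFS or Samba. CAPTURE is constructed from the quoted dump
(offsets 0x00-0x9F); offset 0x81 onward is outside ByteCount and is kept only to
show what an unbounded scan would wander into.
"""
import struct

SMB_HEADER_LEN = 32                 # fixed header occupies 0x00-0x1F
SMB_COM_SESSION_SETUP_ANDX = 0x73

CAPTURE = bytes.fromhex(
    "FF534D4273000000" "0098018000000000"   # 0x00: \xffSMB, command 0x73, status, flags
    "0000000000000000" "0588563401F80400"   # 0x10: rest of header (TID, PID, UID, MID)
    "0375008100000058" "007C570069006E00"   # 0x20: WordCount 3, AndXOffset 0x81, ByteCount 0x58, pad 0x7C
    "64006F0077007300" "200035002E003000"   # 0x30: "Windows 5.0" continues
    "0000570069006E00" "64006F0077007300"   # 0x40: 00 00 terminator, then "Windows 2000 ..."
    "2000320030003000" "300020004C004100"   # 0x50
    "4E0020004D006100" "6E00610067006500"   # 0x60
    "7200000044004900" "560049004E004500"   # 0x70: "...r" 00 00, then "DIVINE"
    "00302D4E00576573" "7420636F70792073"   # 0x80: lone 0x00 closes ByteCount; 0x81 is past the data
    "706F740043756265" "203130313020436F"   # 0x90: bytes beyond the SESSION_SETUP data block
)


def _read_unicode(buf, pos, end):
    """Read a UTF-16LE string from pos, stopping at a 00 00 code unit or at end.

    Returns (text, new_pos, terminated). terminated is False when the region ran
    out before a full two-byte terminator, i.e. only one 0x00 (or none) was left.
    """
    out = bytearray()
    while pos + 1 < end:
        unit = buf[pos:pos + 2]
        pos += 2
        if unit == b"\x00\x00":
            return out.decode("utf-16-le"), pos, True
        out += unit
    # Whatever single byte remains is a truncated terminator; consume the region.
    return out.decode("utf-16-le"), end, False


def parse_session_setup_response(buf):
    """Parse the three strings of a non-extended (WordCount 3) SESSION_SETUP_ANDX
    response without ever reading past ByteCount."""
    if len(buf) < SMB_HEADER_LEN + 1 or buf[:4] != b"\xffSMB" or buf[4] != SMB_COM_SESSION_SETUP_ANDX:
        raise ValueError("not a SESSION_SETUP_ANDX message")
    p = SMB_HEADER_LEN
    word_count = buf[p]
    if word_count != 3:
        raise ValueError("only the WordCount 3 form is handled in this example")
    andx_command, _reserved, andx_offset, action = struct.unpack_from("<BBHH", buf, p + 1)
    byte_count = struct.unpack_from("<H", buf, p + 1 + 2 * word_count)[0]
    data_start = p + 1 + 2 * word_count + 2       # 0x29 in the capture
    data_end = data_start + byte_count            # 0x81: coincides with AndXOffset here
    if data_end > len(buf):
        raise ValueError("ByteCount runs past the received frame")
    # Unicode strings start on a 16-bit boundary from the header; skip one pad byte if needed.
    pos = data_start + (data_start % 2)
    fields = {"andx_offset": andx_offset, "data_end": data_end, "terminated": []}
    for name in ("native_os", "native_lanman", "primary_domain"):
        fields[name], pos, ok = _read_unicode(buf, pos, data_end)
        fields["terminated"].append(ok)
    return fields


def naive_double_null_scan(buf, pos):
    """The fragile approach: hunt for 00 00 on 16-bit boundaries with no upper bound.
    Returns the index just past the terminator, or None if the scan ran off the end
    of buf (a C parser doing the same would read beyond the packet)."""
    while pos + 1 < len(buf):
        if buf[pos] == 0 and buf[pos + 1] == 0:
            return pos + 2
        pos += 2
    return None


if __name__ == "__main__":
    r = parse_session_setup_response(CAPTURE)
    print(r["native_os"], "|", r["native_lanman"], "|", r["primary_domain"], r["terminated"])
    print("naive scan from PrimaryDomain:", naive_double_null_scan(CAPTURE, 0x74))
```

The bounded parser never consults anything beyond `data_end`, so the value of whatever follows the ByteCount region (stale buffer contents, the next AndX block, or nothing at all) cannot change how the strings decode; the `terminated` flags are what a client would log when it wants to know that a peer sent a short terminator.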



More information about the samba-technical mailing list