Win2K: Primary Domain Fld of Ssn Setup Not Properly Zero Term'd

Luke Kenneth Casson Leighton lkcl at
Mon Aug 26 13:42:00 GMT 2002

On Tue, Aug 27, 2002 at 05:58:19AM +0930, Richard Sharpe wrote:

> Ummm, since SMBs are little endian, 00 58 is a large BCC. Much larger that 
> 0x58.
 1) rubbish.
 encapsulated packets - and SMB is used as a transport for many
 different things (other transports; at least two different
 totally separate RPC mechanisms; unlimited numbers of services;
 encapsulated authentication services which have nothing
 to do with SMB, the whole lot)

 all of these things have their own rules, none of which have
 anything to do with SMB.

 2) ms has got it wrong _so_ many times that just doesn't hold
 true enough for you to make a blanket statement, "smbs are

 3) do your statistics.

 on a sample of one, the statistical probability of 0x00 0x58 just
 _happening_ to be _exactly and coincidentally_ the same as the
 length of the UCS16 string is 1.5e-5 (1 in 65536).

 on a sample of one, assuming instead that it's a single-byte length
 field and that the 0x00 is something else, then that probability is
 0.004 (1 in 256).

 on a sample of two, the probabilities go up to 1e-10 and 1e-5

 on a sample of three, it goes up to 1e-15 and 1e-7orso.

 so, my advice to you [no charge]:
 	change the length of the string, diff the packets.

 _nuts_ to whether ms got it right or not: this is
 you're only looking for "good enough to be convincing".


> > >  who do i send the bill to for my time?
> Hmmm, no comment.
 *cackle* :)

More information about the samba-technical mailing list