Clients should not check for *two* zero bytes after the Primary Domain field Unicode string
in SMB_COM_SESSION_SETUP_ANDX. You may only get *one* 0x00 byte. I'm almost
glad this is a bug in Win2K, I thought this was a bug in jCIFS. At least I have two
articles of evidence suggesting the bug is with Win2K. One is inlined here and the other
is a PNG of a pcap.

Aug 21 06:58:52.472 - bad string
00000: FF 53 4D 42 73 00 00 00 00 98 01 80 00 00 00 00  |ÿSMBs...........|
00010: 00 00 00 00 00 00 00 00 05 88 56 34 01 F8 04 00  |..........V4.ø..|
00020: 03 75 00 81 00 00 00 58 00 7C 57 00 69 00 6E 00  |.u.....X.|W.i.n.|
00030: 64 00 6F 00 77 00 73 00 20 00 35 00 2E 00 30 00  |d.o.w.s. .5...0.|
00040: 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00  |..W.i.n.d.o.w.s.|
00050: 20 00 32 00 30 00 30 00 30 00 20 00 4C 00 41 00  | .2.0.0.0. .L.A.|
00060: 4E 00 20 00 4D 00 61 00 6E 00 61 00 67 00 65 00  |N. .M.a.n.a.g.e.|
00070: 72 00 00 00 44 00 49 00 56 00 49 00 4E 00 45 00  |r...D.I.V.I.N.E.|
00080: 00 30 2D 4E 00 57 65 73 74 20 63 6F 70 79 20 73  |.0-N.West copy s|
                                                          ^
00090: 70 6F 74 00 43 75 62 65 20 31 30 31 30 20 43 6F  |pot.Cube 1010 Co|
000A0: 6C 6F 72 00 43 75 62 65 20 32 30 30 32 00 4F 66  |lor.Cube 2002.Of|
000B0: 66 69 63 65 20 32 30 33 2D 53 00 4C 6F 67 6F 6E  |fice 203-S.Logon|
000C0: 20 73 65 72 76 65 72 20 73 68 61 72 65 20 00 4F  | server share .O|
000D0: 66 66 69 63 65 20 31 30 30 34 00 4F 66 66 69 63  |ffice 1004.Offic|
000E0: 65 20 53 2D 32 30 36 00 4F 66 66 69 63 65 20 32  |e S-206.Office 2|
000F0: 30 35 2D 53 00 22 45 76 65 6E 74 20 6C 6F 67 67  |05-S."Event logg|

Actually, I should mention that in both cases these are
SMB_COM_SESSION_SETUP_ANDX responses with an
SMB_COM_TREE_CONNECT_ANDX response batched right after it. The PrimaryDomain
field is the last in this package. You can see the junk (NetShareEnum remarks) from
when the buffer was used previously but this is only because the
SMB_COM_TREE_CONNECT_ANDX has not been decoded yet (which I thought might be a
concurrency issue in my implementation *phew*). This condition is also a little elusive
which leads me to believe padding might also be involved meaning the lengths of
preceding strings might need to be aligned just so but I haven't investigated that.

Attachment: nozero.png
Description: Binary data
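The following is an added example, not jCIFS code or anything from the post: a small parser for the byte block of the SMB_COM_SESSION_SETUP_ANDX response above, fed the first 0x90 bytes copied from the hex dump. It reads the three Unicode strings (NativeOS, NativeLanMan, PrimaryDomain) bounded by ByteCount rather than by scanning for a `00 00` pair, so the lone `0x00` at offset 0x80 is accepted as the PrimaryDomain terminator and the parser stops exactly at the AndXOffset (0x81) instead of running into the stale NetShareEnum remarks. A `strict` switch shows what a client that insists on two zero bytes would have to do with this response. It assumes the buffer starts at the SMB header (no NetBIOS session header) and only handles the Unicode, WordCount 3 form of the response; the `2`-byte alignment of Unicode strings is taken relative to the header start.

```python
import struct

# Bytes 0x00-0x8F copied from the hex dump in the post (constructed here as a
# bytes literal so the example runs offline). Offset 0x80 holds the lone 0x00
# after "DIVINE"; everything from 0x81 on is the batched TREE_CONNECT_ANDX area.
CAPTURE = bytes.fromhex(
    "FF 53 4D 42 73 00 00 00 00 98 01 80 00 00 00 00"
    "00 00 00 00 00 00 00 00 05 88 56 34 01 F8 04 00"
    "03 75 00 81 00 00 00 58 00 7C 57 00 69 00 6E 00"
    "64 00 6F 00 77 00 73 00 20 00 35 00 2E 00 30 00"
    "00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00"
    "20 00 32 00 30 00 30 00 30 00 20 00 4C 00 41 00"
    "4E 00 20 00 4D 00 61 00 6E 00 61 00 67 00 65 00"
    "72 00 00 00 44 00 49 00 56 00 49 00 4E 00 45 00"
    "00 30 2D 4E 00 57 65 73 74 20 63 6F 70 79 20 73"
)

SMB_HEADER_LEN = 32
SMB_COM_SESSION_SETUP_ANDX = 0x73
FLAGS2_UNICODE = 0x8000


def read_unicode_string(buf, pos, end, strict=False):
    """Read a NUL-terminated UTF-16LE string from buf[pos:end].

    Returns (text, position after the terminator, terminator length in bytes).
    The lenient reader accepts a lone 0x00 at the end of the byte block as the
    terminator (what the Win2K capture shows); the strict reader insists on a
    full 00 00 pair and raises rather than reading past ByteCount into junk.
    """
    units = []
    while pos + 1 < end:
        unit = buf[pos:pos + 2]
        pos += 2
        if unit == b"\x00\x00":
            return b"".join(units).decode("utf-16-le"), pos, 2
        units.append(unit)
    text = b"".join(units).decode("utf-16-le")
    if pos < end:  # exactly one byte of the block remains
        if buf[pos] != 0:
            raise ValueError("truncated UTF-16 code unit at 0x%02X" % pos)
        if strict:
            raise ValueError("string ends with a single 0x00 at 0x%02X" % pos)
        return text, pos + 1, 1
    if strict:
        raise ValueError("string at 0x%02X is not NUL-terminated" % pos)
    return text, pos, 0


def parse_session_setup_response(buf, strict=False):
    """Decode the WordCount 3 Unicode SMB_COM_SESSION_SETUP_ANDX response."""
    if buf[:4] != b"\xffSMB" or buf[4] != SMB_COM_SESSION_SETUP_ANDX:
        raise ValueError("not an SMB_COM_SESSION_SETUP_ANDX message")
    flags2 = struct.unpack_from("<H", buf, 10)[0]
    if not flags2 & FLAGS2_UNICODE:
        raise ValueError("this example only handles Unicode responses")
    pos = SMB_HEADER_LEN
    word_count = buf[pos]
    pos += 1
    if word_count != 3:
        raise ValueError("unexpected WordCount %d" % word_count)
    andx_command, _reserved, andx_offset, action = struct.unpack_from("<BBHH", buf, pos)
    pos += 2 * word_count
    byte_count = struct.unpack_from("<H", buf, pos)[0]
    pos += 2
    end = pos + byte_count  # strings may not extend past here
    if end > len(buf):
        raise ValueError("ByteCount %d runs past the buffer" % byte_count)
    if pos % 2:  # Unicode strings are 2-byte aligned; skip the pad byte (0x7C here)
        pos += 1
    native_os, pos, _ = read_unicode_string(buf, pos, end, strict)
    native_lanman, pos, _ = read_unicode_string(buf, pos, end, strict)
    primary_domain, pos, nul_len = read_unicode_string(buf, pos, end, strict)
    return {
        "andx_command": andx_command,
        "andx_offset": andx_offset,
        "action": action,
        "byte_count": byte_count,
        "native_os": native_os,
        "native_lanman": native_lanman,
        "primary_domain": primary_domain,
        "domain_terminator_len": nul_len,
        "bytes_end": pos,
    }


if __name__ == "__main__":
    result = parse_session_setup_response(CAPTURE)
    for key, value in result.items():
        print("%-22s %r" % (key, value))
    try:
        parse_session_setup_response(CAPTURE, strict=True)
    except ValueError as err:
        print("strict parse failed:", err)
```

The check worth keeping from this is the bound: ByteCount here is 0x58 (88), which is exactly pad + NativeOS + NativeLanMan + "DIVINE" + one zero byte, and AndXOffset is 0x81, so the server's own length fields already say the domain string has a one-byte terminator. A reader that trusts those two fields lands on the batched TREE_CONNECT_ANDX response regardless of how many zero bytes follow the domain.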