Originally filed as bug ID 28805, but no longer appears in database, what happened?

Synopsis: NetBIOS names with embedded null bytes are improperly truncated.

Reproduction: Setup: Samba acting as a WINS server. DAVE 4.1 client for MacOSX. tcpdump in progress. Change the DAVE client WINS address to point to the Samba WINS server. To verify if the machine is a WINS server DAVE sends *DAVE_NSCHECK<00><00><ff> group registration and waits to see if the potential WINS server responds correctly. Samba replies with a success, but the answers section of the packet has the name *DAVE_NSCHECK<20><20><ff>. The DAVE client discards the packet due to the mismatched name, and eventually reports that the machine is not a WINS server. I have a tcpdump of the problem if needed, but don't know how to add attachments to bug report.

Analysis: NetBIOS names arriving from the network should be treated as opaque 16 byte structures (the RFC1001 makes no requirement that they be null terminated strings). A number of 3rd party clients and servers embed binary data into their NetBIOS names. Microsoft WINS implementations behave correctly in this scenario. The Samba code in question: nmblib.c:put_nmb_name() and nmb_name_equal(). Other areas where strcmp() is being used instead of nmb_name_equal()?

Additional info: DAVE 4.1 available at www.thursby.com
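Added illustration (not part of the original report and not Samba's code): a minimal C model of the behaviour described above, contrasting string-style handling of a 16-byte NetBIOS name with opaque handling. The function names and the sample buffer are constructed for this example; the encoder is the RFC 1001 first-level encoding.

```c
#include <stdio.h>
#include <string.h>

#define NB_LEN 16  /* 15 name bytes + 1 type/suffix byte */

/* Constructed sample: the name from the report, "*DAVE_NSCHECK" <00><00> <ff>. */
static const unsigned char WIRE_NAME[NB_LEN] = {
    '*','D','A','V','E','_','N','S','C','H','E','C','K', 0x00, 0x00, 0xff
};

/* String-style handling: stop at the first NUL, pad with spaces to 15 bytes.
 * This reproduces the <20><20> seen in the reply described in the report. */
void store_as_string(const unsigned char *in, unsigned char *out)
{
    const unsigned char *z = memchr(in, 0, NB_LEN - 1);
    size_t n = z ? (size_t)(z - in) : NB_LEN - 1;
    memset(out, ' ', NB_LEN - 1);
    memcpy(out, in, n);
    out[NB_LEN - 1] = in[NB_LEN - 1];
}

/* Opaque handling: all 16 bytes are data, embedded NULs included. */
void store_as_opaque(const unsigned char *in, unsigned char *out) { memcpy(out, in, NB_LEN); }

/* Byte-wise comparison over the full 16 bytes; returns 1 when equal. */
int nb_equal(const unsigned char *a, const unsigned char *b) { return memcmp(a, b, NB_LEN) == 0; }

/* RFC 1001 first-level encoding: each byte becomes two letters 'A'..'P'. */
void nb_encode(const unsigned char *name, char *out33)
{
    for (int i = 0; i < NB_LEN; i++) {
        out33[2 * i]     = (char)('A' + (name[i] >> 4));
        out33[2 * i + 1] = (char)('A' + (name[i] & 0x0f));
    }
    out33[2 * NB_LEN] = '\0';
}

int main(void)
{
    unsigned char s[NB_LEN], o[NB_LEN];
    char enc[2 * NB_LEN + 1];
    store_as_string(WIRE_NAME, s);
    store_as_opaque(WIRE_NAME, o);
    nb_encode(s, enc); printf("string-style: %s match=%d\n", enc, nb_equal(WIRE_NAME, s));
    nb_encode(o, enc); printf("opaque:       %s match=%d\n", enc, nb_equal(WIRE_NAME, o));
    return 0;
}
```

The string-style copy yields a name that no longer compares equal to what the client sent, which is the mismatch that makes the client discard the response.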
Created attachment 152: tcpdump of registration request and response.
Sorry, but 2.2 is not under development any longer. If you can reproduce this bug against the latest 3.0 release, please reopen this bug and change the version in the report. Thanks.