Bug 476 - nmbd: Error in encoding and comparing NB names.
Summary: nmbd: Error in encoding and comparing NB names.
Status: RESOLVED WONTFIX
Alias: None
Product: Samba 2.2
Classification: Unclassified
Component: nmbd (show other bugs)
Version: 2.2.8a
Hardware: All All
: P3 normal
Target Milestone: ---
Assignee: Gerald (Jerry) Carter (dead mail address)
QA Contact:
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2003-09-18 13:15 UTC by darland
Modified: 2004-02-17 08:45 UTC (History)
0 users

See Also:


Attachments
tcpdump of registration request and response. (512 bytes, application/octet-stream)
2003-09-18 13:19 UTC, darland
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description darland 2003-09-18 13:15:27 UTC
Originally filed as bug ID 28805, but no longer appears in database, what happened?

Synopsis: NetBIOS names with embedded null bytes are improperly truncated.

Reproduction:
  Setup:
    Samba acting as a WINS server.
    DAVE 4.1 client for MacOSX.
    tcpdump in progress.

  Change the DAVE client WINS address to point to the Samba WINS server. To
verify if the machine is a WINS server DAVE sends
*DAVE_NSCHECK<00><00><ff>
group registration and waits to see if the potential WINS server responds
correctly.  Samba replies with a success, but the answers section of the packet
has the name *DAVE_NSCHECK<20><20><ff>.  The DAVE client
discards the packet due
to the mismatched name, and eventually reports that the machine is not a WINS
server.
  I have a tcpdump of the problem if needed, but don't know how to add
attachments to bug report.

Analysis:
  NetBIOS names arriving from the network should be treated as oqaque 16 byte
structures( the RFC1001 makes no requirement that they be null terminated
strings ). A number of 3rd party clients and servers embed binary data into
their NetBIOS names.
  Microsoft WINS implementations behave correctly in this scenario.

  The Samba code in question:
    nmblib.c:put_nmb_name() and nmb_name_equal().
    Other areas where strcmp() is being used instead of nmb_name_equal()?

Additional info:
  DAVE 4.1 available at www.thursby.com
Comment 1 darland 2003-09-18 13:19:24 UTC
Created attachment 152 [details]
tcpdump of registration request and response.
Comment 2 Gerald (Jerry) Carter (dead mail address) 2004-02-17 08:45:52 UTC
Sorry, but the 2.2 is not under development any longer.
If you can reproduce this bug against the latest 3.0 release, 
please reopen this bug and change the version in the report.
Thanks.