Use AceSize field when reading ACEs #696
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Fixes issue seen in the wild where unnecessary padding at the end of an ACE confused Smbj (but not Windows).
|
Great find, thanks! I've approved the checks. |
hierynomus
approved these changes
Feb 10, 2022
hierynomus
pushed a commit
that referenced
this pull request
May 8, 2023
Fixes issue seen in the wild where unnecessary padding at the end of an ACE confused Smbj (but not Windows).
hierynomus
added a commit
that referenced
this pull request
Jul 3, 2023
* Ignore VSCode * Add NtStatus.STATUS_UNSUCCESSFUL * Add NtStatus.STATUS_INSUFF_SERVER_RESOURCES (#611) * Add NtStatus.STATUS_IO_REPARSE_TAG_NOT_HANDLED (#514) * Update gradle build * Update release plugin * Release version: 0.11.0 * Fix signing task dependency * Release version: 0.11.1 * Use BCSecurityProvider by default for SMB3 compatibility (Fixes #638) * Ensure DFS Path Referral times out after transactTimeout (Fixes #578) * Only add DFSPathResolver if both client and server support DFS (#640) * Only add DFSPathResolver if both client and server support DFS * Fix indentation problems * Fix incorrectly reformatted javadoc * Format using java formatter * One more indentation fix * Upgrade Bouncy Castle to 1.68 to fix vulnerability report (#641) * address issue #604 - stop closing the dfs share connection immediately. (#609) * stop closing the dfs share connection immediately. * Add explanatory comment Co-authored-by: Jeroen van Erp <[email protected]> * Add support for unregistering server from serverlist (Fixes #644) (#647) * Add support for unregistering server from serverlist (Fixes #644) * Fix indentation * Reducing logging for smb3 (#650) For each smb3 packet there's an info log message which produces a tremendous amount of output. I would suggest to reduce log level to debug (or trace; similarly as in one of the other packet reciever classes). * Consolidate SMBv1 error messages * Upgrade BouncyCastle to 1.69 * Release version: 0.11.2 * Ensure artifact is signed * Release version: 0.11.3 * Fix #665: Allow JCE KDF to work (#666) * Fix #665: Allow JCE KDF to work * Add header * Add KDF unit test * Use correct maxPayloadSize for encrypted packets (Fixes #668) (#683) * Read fileId as long (#693) * Read fileId of FileIdBothDirectoryInformation into a long * Read fileId of FileIdFullDirectoryInformation into a long * File the issue that nested folder creation throw NAME EXIST error. (#685) * File the issue that nested folder creation throw NAME EXIST error. * formatting * Updated build status badges (#684) - Added GitHub badge for Build SMBJ - Corrected Codacy badge link - Removed bintray badge link - Removed Travis CI badge and configuration - Removed Java profiler link - Removed CircleCI configuration - Removed unused github-ci configuration * Use AceSize field when reading ACEs (#696) Fixes issue seen in the wild where unnecessary padding at the end of an ACE confused Smbj (but not Windows). * Ensure that enough bytes are cached from InputStream to get a correct bytesLeft count for SMB2Write (fixes #669) * GzipOutputStream integration test * Ensure that enough bytes are cached from InputStream to get a correct bytesLeft count for SMB2Write Co-authored-by: Stanislav Kardashov <[email protected]> Co-authored-by: Jeroen van Erp <[email protected]> * Add GH workflow for publishing * Update dependencies and build file * Rename test class to *Spec * Release version: 0.11.5 * Use the hostname part of the TargetHint for DFS step 9 (fixes \#419) (#722) * Slightly reduce the locking in Connection.send and DirectTcpTransport (fixes \#732) * Fixed indentation * Converting bytes written to long (Fixes #740) Signed-off-by: Jeroen van Erp <[email protected]> * Upgrading gradle to 8.0.2 Signed-off-by: Jeroen van Erp <[email protected]> * Add Implementation manifest attributes (Fixes #743) * Revert accidental comment of integration docker tasks * Do not send SMB2EncryptionCapabilities NegotiationContext is !isEncry… (#752) * Do not send SMB2EncryptionCapabilities NegotiationContext is !isEncryptionSupported (Fixes #747) * Add test for SMB2EncryptionCapabilities * Add preliminary changelog for new release * Ensure we call flip() on Buffer to avoid Java8 problems (Fixes #705) Signed-off-by: Jeroen van Erp <[email protected]> * Ensure path is set for rmdir to prevent accidents (Fixes #756) Signed-off-by: Jeroen van Erp <[email protected]> * Add support for reading / writing NIO ByteBuffers (#759) * Add support for reading / writing NIO ByteBuffers Currently one can transfer data using streams or array, but it would be great to have the opportunity to use NIO buffers. This adds two new method to the File class that accept a NIO ByteBuffer. * Implemented ByteBuffer write using ByteChunkProvider Signed-off-by: Jeroen van Erp <[email protected]> --------- Signed-off-by: Jeroen van Erp <[email protected]> Co-authored-by: Christoph Läubrich <[email protected]> Co-authored-by: Jeroen van Erp <[email protected]> * Fix some sonatype warnings * resolve conflict with master * Ignore non-semver tags for release workflow * Small warning cleanup Signed-off-by: Jeroen van Erp <[email protected]> * Setup ConnectionContext and AuthenticationContext for NTLM improvements Signed-off-by: Jeroen van Erp <[email protected]> * Refactor TargetInfo/AvPairs * Added null check and rename field * Refactor NtlmFunctions * Change hierarchy of Ntlm messages Signed-off-by: Jeroen van Erp <[email protected]> * Next step of NTLM refactor * NtlmNegotiate sends Domain/Workstation/Version fields * Filter negotiateflags and use clientTargetInfo * Rework keys in NtlmAuthenticator Signed-off-by: Jeroen van Erp <[email protected]> * Change to structure of NtlmAuthenticate Signed-off-by: Jeroen van Erp <[email protected]> * Added last changes Required to put withIntegrity = false still, due to missing mechListMIC Signed-off-by: Jeroen van Erp <[email protected]> --------- Signed-off-by: Jeroen van Erp <[email protected]> Co-authored-by: Nicholas DiPiazza <[email protected]> Co-authored-by: ndimitry <[email protected]> Co-authored-by: Patrick Boyd <[email protected]> Co-authored-by: Hannes <[email protected]> Co-authored-by: pyzhou <[email protected]> Co-authored-by: exceptionfactory <[email protected]> Co-authored-by: Chris Pacejo <[email protected]> Co-authored-by: Stanislav Kardashov <[email protected]> Co-authored-by: Stanislav Kardashov <[email protected]> Co-authored-by: Christoph Läubrich <[email protected]> Co-authored-by: Christoph Läubrich <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes issue seen in the wild where unnecessary padding at the end of an ACE confused Smbj (but not Windows). Per MS-DTYP 2.4.4.1, additional data which is encompassed by an ACE per the AceSize field but which is not interpreted must be ignored.