Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix file length not matching file name because of multi-byte UTF-16 #1859

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Fix file length not matching file name because of multi-byte UTF-16 #1859

wants to merge 1 commit into from

Conversation

rtpt-romankarwacik
Copy link

Fixes #1796

Before, filenames with multi-byte symbols such as emojis cut off the filename in several cases:
Screenshot from 2024-12-05 09-41-30

There are still some of these left in the code, but I did not know if the encoding can be assumed in those cases, whereas in the cases I fixed it was already assumed to be UTF-16LE

Here is a rough grep for the remaining cases:

$ grep -REn "len\([^)]*\)\*2"
impacket/dcerpc/v5/samr.py:2838:        samUser['Buffer'] = b'A'*(512-len(newPassword)*2) + newPassword.encode('utf-16le')
impacket/dcerpc/v5/samr.py:2841:        samUser['Buffer'] = b'A'*(512-len(newPassword)*2) + newPassword.decode(sys.getfilesystemencoding()).encode('utf-16le')
impacket/dcerpc/v5/samr.py:2843:    samUser['Length'] = len(newPassword)*2
impacket/dcerpc/v5/dcom/oaut.py:276:            self['cBytes'] = len(value)*2
impacket/dcerpc/v5/dtypes.py:384:            self['Length'] = len(value)*2
impacket/dcerpc/v5/dtypes.py:385:            self['MaximumLength'] = len(value)*2
impacket/examples/ntlmrelayx/utils/shadow_credentials.py:108:    return "B:%d:%s:%s" % (len(binaryData)*2,hexdata,owner)
impacket/smb.py:927:        ('FileNameLength','<L-FileName','len(FileName)*2'),
impacket/smb.py:956:        ('FileNameLength','<L-FileName','len(FileName)*2'),
impacket/smb.py:987:        ('FileNameLength','<L-FileName','len(FileName)*2'),
impacket/smb.py:1015:        ('FileNameLength','<L-FileName','len(FileName)*2'),
impacket/smb.py:1030:        ('FileNameLength','<L-FileName','len(FileName)*2'),
impacket/smb.py:1053:        ('FileNameLength','<L-FileName','len(FileName)*2'),
impacket/smb.py:1077:        ('FileNameLength','<B-FileName','len(FileName)*2'),
examples/karmaSMB.py:389:        ntCreateRequest['NameLength'] = len(targetFile)*2
tests/dcerpc/test_samr.py:326:        #entry.fields['MaximumLength'] = len('Administrator\x00')*2
tests/dcerpc/test_samr.py:2288:        samUser['Buffer'] = b'A'*(512-len(newPwd)*2) + newPwd.encode('utf-16le')
tests/dcerpc/test_samr.py:2289:        samUser['Length'] = len(newPwd)*2
tests/dcerpc/test_scmr.py:127:           self.assertEqual(arrayData[offset:][:len(changeDone)*2].decode('utf-16le'), changeDone)
tests/dcerpc/test_rrp.py:216:        request['cbData'] = len(self.test_value_data)*2
tests/misc/test_structure.py:81:            ('code1', '>L=len(arr1)*2+0x1000'),
tests/misc/test_structure.py:191:            ('leni', '<L=len(uno)*2'),

@anadrianmanrique anadrianmanrique added the bug Unexpected problem or unintended behavior label Dec 5, 2024
alexisbalbachan
alexisbalbachan requested changes Jan 16, 2025
View reviewed changes
Copy link
Contributor

@alexisbalbachan alexisbalbachan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi, everything looks great, i've requested some minor corrections to avoid repeating code

impacket/smb3.py
@@ -1171,7 +1171,7 @@ def connectTree(self, share):

treeConnect = SMB2TreeConnect()
treeConnect['Buffer'] = path.encode('utf-16le')
treeConnect['PathLength'] = len(path)*2
treeConnect['PathLength'] = len(path.encode('utf-16le'))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
treeConnect['PathLength'] = len(path.encode('utf-16le'))
treeConnect['PathLength'] = len(treeConnect['Buffer'])

impacket/smb3.py
Comment on lines +1473 to 1474
queryDirectory['FileNameLength'] = len(searchString.encode('utf-16le'))
queryDirectory['Buffer'] = searchString.encode('utf-16le')
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
queryDirectory['FileNameLength'] = len(searchString.encode('utf-16le'))
queryDirectory['Buffer'] = searchString.encode('utf-16le')
queryDirectory['Buffer'] = searchString.encode('utf-16le')
queryDirectory['FileNameLength'] = len(queryDirectory['Buffer'])

impacket/smb3.py
Comment on lines +1721 to 1722
renameReq['FileNameLength'] = len(newPath.encode('utf-16le'))
renameReq['FileName'] = newPath.encode('utf-16le')
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
renameReq['FileNameLength'] = len(newPath.encode('utf-16le'))
renameReq['FileName'] = newPath.encode('utf-16le')
renameReq['FileName'] = newPath.encode('utf-16le')
renameReq['FileNameLength'] = len(renameReq['FileName'])

impacket/smb3.py
Comment on lines +1967 to 1969
pipeWait['NameLength'] = len(pipename.encode('utf-16le'))
pipeWait['TimeoutSpecified'] = 1
pipeWait['Name'] = pipename.encode('utf-16le')
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
pipeWait['NameLength'] = len(pipename.encode('utf-16le'))
pipeWait['TimeoutSpecified'] = 1
pipeWait['Name'] = pipename.encode('utf-16le')
pipeWait['Name'] = pipename.encode('utf-16le')
pipeWait['NameLength'] = len(pipeWait['Name'] )
pipeWait['TimeoutSpecified'] = 1

@alexisbalbachan alexisbalbachan added the waiting for response Further information is needed from people who opened the issue or pull request label Jan 16, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alexisbalbachan alexisbalbachan alexisbalbachan requested changes

Assignees

@alexisbalbachan alexisbalbachan

Labels
bug Unexpected problem or unintended behavior waiting for response Further information is needed from people who opened the issue or pull request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Impacket smbclient doesn't handle emojis well.
3 participants
@rtpt-romankarwacik @alexisbalbachan @anadrianmanrique