libcli/smb: allow unexpected padding in SMB2 READ responses

Make use of smb2cli_parse_dyn_buffer() in smb2cli_read_done()
as it was exactly introduced for a similar problem see:

    commit 4c6c71e137
    Author:     Stefan Metzmacher <metze@samba.org>
    AuthorDate: Thu Jan 14 17:32:15 2021 +0100
    Commit:     Volker Lendecke <vl@samba.org>
    CommitDate: Fri Jan 15 08:36:34 2021 +0000

        libcli/smb: allow unexpected padding in SMB2 IOCTL responses

        A NetApp Ontap 7.3.7 SMB server add 8 padding bytes to an
        offset that's already 8 byte aligned.

        RN: Work around special SMB2 IOCTL response behavior of NetApp Ontap 7.3.7
        BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607

        Pair-Programmed-With: Volker Lendecke <vl@samba.org>

        Signed-off-by: Stefan Metzmacher <metze@samba.org>
        Signed-off-by: Volker Lendecke <vl@samba.org>

        Autobuild-User(master): Volker Lendecke <vl@samba.org>
        Autobuild-Date(master): Fri Jan 15 08:36:34 UTC 2021 on sn-devel-184

RN: Work around special SMB2 READ response behavior of NetApp Ontap 7.3.7
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jul 15 23:53:55 UTC 2021 on sn-devel-184

libcli/smb/smb2cli_read.c

@@ -90,8 +90,13 @@ static void smb2cli_read_done(struct tevent_req *subreq)
 		tevent_req_data(req,
 		struct smb2cli_read_state);
 	NTSTATUS status;
+	NTSTATUS error;
 	struct iovec *iov;
+	const uint8_t dyn_ofs = SMB2_HDR_BODY + 0x10;
+	DATA_BLOB dyn_buffer = data_blob_null;
 	uint8_t data_offset;
+	DATA_BLOB data_buffer = data_blob_null;
+	uint32_t next_offset = 0; /* this variable is completely ignored */
 	static const struct smb2cli_req_expected_response expected[] = {
 	{
 		.status = STATUS_BUFFER_OVERFLOW,
@@ -117,14 +122,23 @@ static void smb2cli_read_done(struct tevent_req *subreq)
 	data_offset = CVAL(iov[1].iov_base, 2);
 	state->data_length = IVAL(iov[1].iov_base, 4);
 
-	if ((data_offset != SMB2_HDR_BODY + 16) ||
+	dyn_buffer = data_blob_const((uint8_t *)iov[2].iov_base,
-	    (state->data_length > iov[2].iov_len)) {
+				     iov[2].iov_len);
-		tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+
+	error = smb2cli_parse_dyn_buffer(dyn_ofs,
+					 dyn_buffer,
+					 dyn_ofs, /* min_offset */
+					 data_offset,
+					 state->data_length,
+					 dyn_buffer.length, /* max_length */
+					 &next_offset,
+					 &data_buffer);
+	if (tevent_req_nterror(req, error)) {
 		return;
 	}
 
 	state->recv_iov = iov;
-	state->data = (uint8_t *)iov[2].iov_base;
+	state->data = data_buffer.data;
 
 	state->out_valid = true;
 

selftest/knownfail.d/smb2-read-bug14607

@@ -1 +0,0 @@
-samba3.smb2.read.bug14607