1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

libcli/smb: allow unexpected padding in SMB2 READ responses

Make use of smb2cli_parse_dyn_buffer() in smb2cli_read_done()
as it was exactly introduced for a similar problem see:

    commit 4c6c71e137
    Author:     Stefan Metzmacher <metze@samba.org>
    AuthorDate: Thu Jan 14 17:32:15 2021 +0100
    Commit:     Volker Lendecke <vl@samba.org>
    CommitDate: Fri Jan 15 08:36:34 2021 +0000

        libcli/smb: allow unexpected padding in SMB2 IOCTL responses

        A NetApp Ontap 7.3.7 SMB server add 8 padding bytes to an
        offset that's already 8 byte aligned.

        RN: Work around special SMB2 IOCTL response behavior of NetApp Ontap 7.3.7
        BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607

        Pair-Programmed-With: Volker Lendecke <vl@samba.org>

        Signed-off-by: Stefan Metzmacher <metze@samba.org>
        Signed-off-by: Volker Lendecke <vl@samba.org>

        Autobuild-User(master): Volker Lendecke <vl@samba.org>
        Autobuild-Date(master): Fri Jan 15 08:36:34 UTC 2021 on sn-devel-184

RN: Work around special SMB2 READ response behavior of NetApp Ontap 7.3.7
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jul 15 23:53:55 UTC 2021 on sn-devel-184

(cherry picked from commit 155348cda6)

Autobuild-User(v4-14-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-14-test): Thu Aug 12 09:39:40 UTC 2021 on sn-devel-184
This commit is contained in:
Stefan Metzmacher 2021-06-29 15:42:56 +02:00 committed by Jule Anger
parent a095a2d960
commit 25f3cb8c97
2 changed files with 18 additions and 5 deletions

View File

@ -90,8 +90,13 @@ static void smb2cli_read_done(struct tevent_req *subreq)
tevent_req_data(req,
struct smb2cli_read_state);
NTSTATUS status;
NTSTATUS error;
struct iovec *iov;
const uint8_t dyn_ofs = SMB2_HDR_BODY + 0x10;
DATA_BLOB dyn_buffer = data_blob_null;
uint8_t data_offset;
DATA_BLOB data_buffer = data_blob_null;
uint32_t next_offset = 0; /* this variable is completely ignored */
static const struct smb2cli_req_expected_response expected[] = {
{
.status = STATUS_BUFFER_OVERFLOW,
@ -117,14 +122,23 @@ static void smb2cli_read_done(struct tevent_req *subreq)
data_offset = CVAL(iov[1].iov_base, 2);
state->data_length = IVAL(iov[1].iov_base, 4);
if ((data_offset != SMB2_HDR_BODY + 16) ||
(state->data_length > iov[2].iov_len)) {
tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
dyn_buffer = data_blob_const((uint8_t *)iov[2].iov_base,
iov[2].iov_len);
error = smb2cli_parse_dyn_buffer(dyn_ofs,
dyn_buffer,
dyn_ofs, /* min_offset */
data_offset,
state->data_length,
dyn_buffer.length, /* max_length */
&next_offset,
&data_buffer);
if (tevent_req_nterror(req, error)) {
return;
}
state->recv_iov = iov;
state->data = (uint8_t *)iov[2].iov_base;
state->data = data_buffer.data;
state->out_valid = true;

View File

@ -1 +0,0 @@
samba3.smb2.read.bug14607