11806 SMB server sends malformed responses on error

Review Request #2392 — Created Oct. 11, 2019 and submitted Oct. 17, 2019, 12:16 p.m.

Information
Owner:	andy_js
Repository:	illumos-gate
Branch:
Bugs:	11806
Depends On:
Reviewers
Groups:	general
People:	gwr

Description

The SMB2 dispatch code can emit partially constructed responses if a request handler returns SDRC_ERROR. This is easily observed over WireShark when running the WPTS (Windows Protocol Test Suites). One particular test case shows this very clearly: the InvalidCreateRequestStructureSize test found in the CreateClose section.

Testing Done

Ran WPTS and observed the traffic with WireShark. After applying the fix the SMB server no longer sends malformed responses.

Issues

0
0
1
0
All Issues: 1

Description	From	Last Updated
The intent with testing smb2_status == 0 was that some handlers might set that. I'd suggest instead just adding the ...	gwr	Oct. 11, 2019, 3:03 p.m.

Ship it!

```
Ship It!
```

Also, I don't see it in the bug, but can you please attach an example of the malformatted packet?
I'd also like to see analysis of what's wrong with the packet and how that happened.
e.g. did we neglect to put some data after the header by not calling puterror, or what?

Thanks

andy_js Oct. 11, 2019, 3:52 p.m.

I've attached an example to the ticket. And yes, I think that was the problem.

usr/src/uts/common/fs/smbsrv/smb2_dispatch.c (Diff revision 1)

Show all issues

The intent with testing smb2_status == 0
was that some handlers might set that.
I'd suggest instead just adding the
smb2sr_put_error after the if body,
and pass sr->smb2_status instead.