11806 SMB server sends malformed responses on error
Review Request #2392 — Created Oct. 11, 2019 and submitted
The SMB2 dispatch code can emit partially constructed responses if a request handler returns SDRC_ERROR. This is easily observed over WireShark when running the WPTS (Windows Protocol Test Suites). One particular test case shows this very clearly: the InvalidCreateRequestStructureSize test found in the CreateClose section.
Ran WPTS and observed the traffic with WireShark. After applying the fix the SMB server no longer sends malformed responses.
Also, I don't see it in the bug, but can you please attach an example of the malformatted packet?
I'd also like to see analysis of what's wrong with the packet and how that happened.
e.g. did we neglect to put some data after the header by not calling puterror, or what?
usr/src/uts/common/fs/smbsrv/smb2_dispatch.c (Diff revision 1)
The intent with testing smb2_status == 0
was that some handlers might set that.
I'd suggest instead just adding the
smb2sr_put_error after the if body,
and pass sr->smb2_status instead.
Move smb2sr_put_error call outside of the if block.
Revision 2 (+3 -2)