diff --git a/SMBLibrary/RPC/PDU/BindAckPDU.cs b/SMBLibrary/RPC/PDU/BindAckPDU.cs index 262ff11..657c5ae 100644 --- a/SMBLibrary/RPC/PDU/BindAckPDU.cs +++ b/SMBLibrary/RPC/PDU/BindAckPDU.cs @@ -1,4 +1,4 @@ -/* Copyright (C) 2014 Tal Aloni . All rights reserved. +/* Copyright (C) 2014-2017 Tal Aloni . All rights reserved. * * You can redistribute this program and/or modify it under the terms of * the GNU Lesser Public License as published by the Free Software Foundation, @@ -32,14 +32,15 @@ namespace SMBLibrary.RPC AuthVerifier = new byte[0]; } - public BindAckPDU(byte[] buffer) : base(buffer) + public BindAckPDU(byte[] buffer, int offset) : base(buffer, offset) { - int offset = RPCPDU.CommonFieldsLength; + int startOffset = offset; + offset += RPCPDU.CommonFieldsLength; MaxTransmitFragmentSize = LittleEndianReader.ReadUInt16(buffer, ref offset); MaxReceiveFragmentSize = LittleEndianReader.ReadUInt16(buffer, ref offset); AssociationGroupID = LittleEndianReader.ReadUInt32(buffer, ref offset); SecondaryAddress = RPCHelper.ReadPortAddress(buffer, ref offset); - int padding = (4 - (offset % 4)) % 4; + int padding = (4 - ((offset - startOffset) % 4)) % 4; offset += padding; ResultList = new ResultList(buffer, offset); offset += ResultList.Length; diff --git a/SMBLibrary/RPC/PDU/BindPDU.cs b/SMBLibrary/RPC/PDU/BindPDU.cs index efad960..c67a33b 100644 --- a/SMBLibrary/RPC/PDU/BindPDU.cs +++ b/SMBLibrary/RPC/PDU/BindPDU.cs @@ -1,4 +1,4 @@ -/* Copyright (C) 2014 Tal Aloni . All rights reserved. +/* Copyright (C) 2014-2017 Tal Aloni . All rights reserved. * * You can redistribute this program and/or modify it under the terms of * the GNU Lesser Public License as published by the Free Software Foundation, @@ -29,9 +29,9 @@ namespace SMBLibrary.RPC AuthVerifier = new byte[0]; } - public BindPDU(byte[] buffer) : base(buffer) + public BindPDU(byte[] buffer, int offset) : base(buffer, offset) { - int offset = RPCPDU.CommonFieldsLength; + offset += RPCPDU.CommonFieldsLength; MaxTransmitFragmentSize = LittleEndianReader.ReadUInt16(buffer, ref offset); MaxReceiveFragmentSize = LittleEndianReader.ReadUInt16(buffer, ref offset); AssociationGroupID = LittleEndianReader.ReadUInt32(buffer, ref offset); diff --git a/SMBLibrary/RPC/PDU/FaultPDU.cs b/SMBLibrary/RPC/PDU/FaultPDU.cs index 07df1d1..021fe6a 100644 --- a/SMBLibrary/RPC/PDU/FaultPDU.cs +++ b/SMBLibrary/RPC/PDU/FaultPDU.cs @@ -1,4 +1,4 @@ -/* Copyright (C) 2014 Tal Aloni . All rights reserved. +/* Copyright (C) 2014-2017 Tal Aloni . All rights reserved. * * You can redistribute this program and/or modify it under the terms of * the GNU Lesser Public License as published by the Free Software Foundation, @@ -31,9 +31,9 @@ namespace SMBLibrary.RPC AuthVerifier = new byte[0]; } - public FaultPDU(byte[] buffer) : base(buffer) + public FaultPDU(byte[] buffer, int offset) : base(buffer, offset) { - int offset = RPCPDU.CommonFieldsLength; + offset += RPCPDU.CommonFieldsLength; AllocationHint = LittleEndianReader.ReadUInt32(buffer, ref offset); ContextID = LittleEndianReader.ReadUInt16(buffer, ref offset); CancelCount = ByteReader.ReadByte(buffer, ref offset); diff --git a/SMBLibrary/RPC/PDU/RPCPDU.cs b/SMBLibrary/RPC/PDU/RPCPDU.cs index 50cafb5..24c6169 100644 --- a/SMBLibrary/RPC/PDU/RPCPDU.cs +++ b/SMBLibrary/RPC/PDU/RPCPDU.cs @@ -1,4 +1,4 @@ -/* Copyright (C) 2014 Tal Aloni . All rights reserved. +/* Copyright (C) 2014-2017 Tal Aloni . All rights reserved. * * You can redistribute this program and/or modify it under the terms of * the GNU Lesser Public License as published by the Free Software Foundation, @@ -24,7 +24,7 @@ namespace SMBLibrary.RPC public PacketTypeName PacketType; public PacketFlags Flags; public DataRepresentationFormat DataRepresentation; - public ushort FragmentLength; + public ushort FragmentLength; // The length of the entire PDU public ushort AuthLength; public uint CallID; @@ -34,16 +34,16 @@ namespace SMBLibrary.RPC VersionMinor = 0; } - public RPCPDU(byte[] buffer) + public RPCPDU(byte[] buffer, int offset) { - VersionMajor = ByteReader.ReadByte(buffer, 0); - VersionMinor = ByteReader.ReadByte(buffer, 1); - PacketType = (PacketTypeName)ByteReader.ReadByte(buffer, 2); - Flags = (PacketFlags)ByteReader.ReadByte(buffer, 3); - DataRepresentation = new DataRepresentationFormat(buffer, 4); - FragmentLength = LittleEndianConverter.ToUInt16(buffer, 8); - AuthLength = LittleEndianConverter.ToUInt16(buffer, 10); - CallID = LittleEndianConverter.ToUInt32(buffer, 12); + VersionMajor = ByteReader.ReadByte(buffer, offset + 0); + VersionMinor = ByteReader.ReadByte(buffer, offset + 1); + PacketType = (PacketTypeName)ByteReader.ReadByte(buffer, offset + 2); + Flags = (PacketFlags)ByteReader.ReadByte(buffer, offset + 3); + DataRepresentation = new DataRepresentationFormat(buffer, offset + 4); + FragmentLength = LittleEndianConverter.ToUInt16(buffer, offset + 8); + AuthLength = LittleEndianConverter.ToUInt16(buffer, offset + 10); + CallID = LittleEndianConverter.ToUInt32(buffer, offset + 12); } public abstract byte[] GetBytes(); @@ -60,21 +60,21 @@ namespace SMBLibrary.RPC LittleEndianWriter.WriteUInt32(buffer, 12, CallID); } - public static RPCPDU GetPDU(byte[] buffer) + public static RPCPDU GetPDU(byte[] buffer, int offset) { PacketTypeName packetType = (PacketTypeName)ByteReader.ReadByte(buffer, 2); switch (packetType) { case PacketTypeName.Request: - return new RequestPDU(buffer); + return new RequestPDU(buffer, offset); case PacketTypeName.Response: - return new ResponsePDU(buffer); + return new ResponsePDU(buffer, offset); case PacketTypeName.Fault: - return new FaultPDU(buffer); + return new FaultPDU(buffer, offset); case PacketTypeName.Bind: - return new BindPDU(buffer); + return new BindPDU(buffer, offset); case PacketTypeName.BindAck: - return new BindAckPDU(buffer); + return new BindAckPDU(buffer, offset); default: throw new NotImplementedException(); } diff --git a/SMBLibrary/RPC/PDU/RequestPDU.cs b/SMBLibrary/RPC/PDU/RequestPDU.cs index 58d3f06..733f89f 100644 --- a/SMBLibrary/RPC/PDU/RequestPDU.cs +++ b/SMBLibrary/RPC/PDU/RequestPDU.cs @@ -1,4 +1,4 @@ -/* Copyright (C) 2014 Tal Aloni . All rights reserved. +/* Copyright (C) 2014-2017 Tal Aloni . All rights reserved. * * You can redistribute this program and/or modify it under the terms of * the GNU Lesser Public License as published by the Free Software Foundation, @@ -29,9 +29,9 @@ namespace SMBLibrary.RPC AuthVerifier = new byte[0]; } - public RequestPDU(byte[] buffer) : base(buffer) + public RequestPDU(byte[] buffer, int offset) : base(buffer, offset) { - int offset = RPCPDU.CommonFieldsLength; + offset += RPCPDU.CommonFieldsLength; AllocationHint = LittleEndianReader.ReadUInt32(buffer, ref offset); ContextID = LittleEndianReader.ReadUInt16(buffer, ref offset); OpNum = LittleEndianReader.ReadUInt16(buffer, ref offset); diff --git a/SMBLibrary/RPC/PDU/ResponsePDU.cs b/SMBLibrary/RPC/PDU/ResponsePDU.cs index 9c94308..ad9fc15 100644 --- a/SMBLibrary/RPC/PDU/ResponsePDU.cs +++ b/SMBLibrary/RPC/PDU/ResponsePDU.cs @@ -1,4 +1,4 @@ -/* Copyright (C) 2014 Tal Aloni . All rights reserved. +/* Copyright (C) 2014-2017 Tal Aloni . All rights reserved. * * You can redistribute this program and/or modify it under the terms of * the GNU Lesser Public License as published by the Free Software Foundation, @@ -29,9 +29,9 @@ namespace SMBLibrary.RPC AuthVerifier = new byte[0]; } - public ResponsePDU(byte[] buffer) : base(buffer) + public ResponsePDU(byte[] buffer, int offset) : base(buffer, offset) { - int offset = RPCPDU.CommonFieldsLength; + offset += RPCPDU.CommonFieldsLength; AllocationHint = LittleEndianReader.ReadUInt32(buffer, ref offset); ContextID = LittleEndianReader.ReadUInt16(buffer, ref offset); CancelCount = ByteReader.ReadByte(buffer, ref offset); diff --git a/SMBLibrary/Server/SMB1/ReadWriteResponseHelper.cs b/SMBLibrary/Server/SMB1/ReadWriteResponseHelper.cs index b7f5915..d75a6b5 100644 --- a/SMBLibrary/Server/SMB1/ReadWriteResponseHelper.cs +++ b/SMBLibrary/Server/SMB1/ReadWriteResponseHelper.cs @@ -182,7 +182,7 @@ namespace SMBLibrary.Server.SMB1 RemoteService service = ((NamedPipeShare)share).GetService(openedFilePath); if (service != null) { - RPCPDU rpcRequest = RPCPDU.GetPDU(data); + RPCPDU rpcRequest = RPCPDU.GetPDU(data, 0); RPCPDU rpcReply = RemoteServiceHelper.GetRPCReply(rpcRequest, service); byte[] replyData = rpcReply.GetBytes(); state.StoreNamedPipeReply(FID, replyData); diff --git a/SMBLibrary/Server/SMB1/TransactionSubcommandHelper.cs b/SMBLibrary/Server/SMB1/TransactionSubcommandHelper.cs index 5c98f78..5fd2660 100644 --- a/SMBLibrary/Server/SMB1/TransactionSubcommandHelper.cs +++ b/SMBLibrary/Server/SMB1/TransactionSubcommandHelper.cs @@ -1,4 +1,4 @@ -/* Copyright (C) 2014 Tal Aloni . All rights reserved. +/* Copyright (C) 2014-2017 Tal Aloni . All rights reserved. * * You can redistribute this program and/or modify it under the terms of * the GNU Lesser Public License as published by the Free Software Foundation, @@ -29,7 +29,7 @@ namespace SMBLibrary.Server.SMB1 RemoteService service = share.GetService(openedFilePath); if (service != null) { - RPCPDU rpcRequest = RPCPDU.GetPDU(subcommand.WriteData); + RPCPDU rpcRequest = RPCPDU.GetPDU(subcommand.WriteData, 0); RPCPDU rpcReply = RemoteServiceHelper.GetRPCReply(rpcRequest, service); response.ReadData = rpcReply.GetBytes(); return response;