From 4c59c21670e9f1438d7704b933420c7effdffabb Mon Sep 17 00:00:00 2001 From: Gabe Kirkpatrick Date: Thu, 18 May 2023 23:20:34 -0700 Subject: [PATCH] Server: Fix issue when GSSAPI SessionKey is null (#182) --- SMBLibrary/Server/SMB1/SessionSetupHelper.cs | 4 ++-- SMBLibrary/Server/SMB2/SessionSetupHelper.cs | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/SMBLibrary/Server/SMB1/SessionSetupHelper.cs b/SMBLibrary/Server/SMB1/SessionSetupHelper.cs index 89f4df5..c63b4b1 100644 --- a/SMBLibrary/Server/SMB1/SessionSetupHelper.cs +++ b/SMBLibrary/Server/SMB1/SessionSetupHelper.cs @@ -38,7 +38,7 @@ namespace SMBLibrary.Server.SMB1 object accessToken = securityProvider.GetContextAttribute(state.AuthenticationContext, GSSAttributeName.AccessToken); bool? isGuest = securityProvider.GetContextAttribute(state.AuthenticationContext, GSSAttributeName.IsGuest) as bool?; - if (sessionKey.Length > 16) + if (sessionKey != null && sessionKey.Length > 16) { // [MS-CIFS] 3.3.5.43 If the session key is equal to or longer than 16 bytes, only the least significant 16 bytes MUST be stored in Server.Session.SessionKey sessionKey = ByteReader.ReadBytes(sessionKey, 0, 16); @@ -128,7 +128,7 @@ namespace SMBLibrary.Server.SMB1 object accessToken = securityProvider.GetContextAttribute(state.AuthenticationContext, GSSAttributeName.AccessToken); bool? isGuest = securityProvider.GetContextAttribute(state.AuthenticationContext, GSSAttributeName.IsGuest) as bool?; - if (sessionKey.Length > 16) + if (sessionKey != null && sessionKey.Length > 16) { // [MS-CIFS] 3.3.5.43 If the session key is equal to or longer than 16 bytes, only the least significant 16 bytes MUST be stored in Server.Session.SessionKey sessionKey = ByteReader.ReadBytes(sessionKey, 0, 16); diff --git a/SMBLibrary/Server/SMB2/SessionSetupHelper.cs b/SMBLibrary/Server/SMB2/SessionSetupHelper.cs index 902a8c5..8e39337 100644 --- a/SMBLibrary/Server/SMB2/SessionSetupHelper.cs +++ b/SMBLibrary/Server/SMB2/SessionSetupHelper.cs @@ -71,7 +71,7 @@ namespace SMBLibrary.Server.SMB2 object accessToken = securityProvider.GetContextAttribute(state.AuthenticationContext, GSSAttributeName.AccessToken); bool? isGuest = securityProvider.GetContextAttribute(state.AuthenticationContext, GSSAttributeName.IsGuest) as bool?; - if (sessionKey.Length > 16) + if (sessionKey != null && sessionKey.Length > 16) { // [MS-SMB2] 3.3.1.8 SessionKey MUST be set to the first 16 bytes of the cryptographic key queried from the GSS protocol for this authenticated context. sessionKey = ByteReader.ReadBytes(sessionKey, 0, 16);