zydronium/SMBLibrary
1
0
Fork 0
mirror of https://github.com/TalAloni/SMBLibrary.git synced 2025-07-19 15:45:54 +02:00
Code Issues Projects Releases Packages Wiki Activity

Server: Bugfix: Do not return more bytes than requested when querying FileInformation / FileSystemInformation, report STATUS_BUFFER_OVERFLOW

Browse source
This commit is contained in:
Tal Aloni 2019-04-02 16:45:58 +03:00
parent acb047e65c
commit 6969d768ea
2 changed files with 30 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

18
SMBLibrary/Server/SMB1/Transaction2SubcommandHelper.cs
View file

@ -171,6 +171,12 @@ namespace SMBLibrary.Server.SMB1
state.LogToServer(Severity.Information, "GetFileSystemInformation on '{0}' succeeded. Information level: {1}", share.Name, subcommand.QueryFSInformationLevel);
response.SetQueryFSInformation(queryFSInformation, header.UnicodeFlag);
}
if (response.InformationBytes.Length > maxDataCount)
{
header.Status = NTStatus.STATUS_BUFFER_OVERFLOW;
response.InformationBytes = ByteReader.ReadBytes(response.InformationBytes, 0, (int)maxDataCount);
}
return response;
}
@ -275,6 +281,12 @@ namespace SMBLibrary.Server.SMB1
state.LogToServer(Severity.Information, "GetFileInformation on '{0}{1}' succeeded. Information level: {2}", share.Name, path, subcommand.QueryInformationLevel);
response.SetQueryInformation(queryInformation);
}
if (response.InformationBytes.Length > maxDataCount)
{
header.Status = NTStatus.STATUS_BUFFER_OVERFLOW;
response.InformationBytes = ByteReader.ReadBytes(response.InformationBytes, 0, (int)maxDataCount);
}
return response;
}
@ -331,6 +343,12 @@ namespace SMBLibrary.Server.SMB1
state.LogToServer(Severity.Information, "GetFileInformation on '{0}{1}' succeeded. Information level: {2}. (FID: {3})", share.Name, openFile.Path, subcommand.QueryInformationLevel, subcommand.FID);
response.SetQueryInformation(queryInformation);
}
if (response.InformationBytes.Length > maxDataCount)
{
header.Status = NTStatus.STATUS_BUFFER_OVERFLOW;
response.InformationBytes = ByteReader.ReadBytes(response.InformationBytes, 0, (int)maxDataCount);
}
return response;
}

13
SMBLibrary/Server/SMB2/QueryInfoHelper.cs
View file

@ -1,4 +1,4 @@
/* Copyright (C) 2017 Tal Aloni <tal.aloni.il@gmail.com>. All rights reserved.
/* Copyright (C) 2017-2019 Tal Aloni <tal.aloni.il@gmail.com>. All rights reserved.
*
* You can redistribute this program and/or modify it under the terms of
* the GNU Lesser Public License as published by the Free Software Foundation,
@ -46,6 +46,11 @@ namespace SMBLibrary.Server.SMB2
state.LogToServer(Severity.Information, "GetFileInformation on '{0}{1}' succeeded. Information class: {2}. (FileId: {3})", share.Name, openFile.Path, request.FileInformationClass, request.FileId.Volatile);
QueryInfoResponse response = new QueryInfoResponse();
response.SetFileInformation(fileInformation);
if (response.OutputBuffer.Length > request.OutputBufferLength)
{
response.Header.Status = NTStatus.STATUS_BUFFER_OVERFLOW;
response.OutputBuffer = ByteReader.ReadBytes(response.OutputBuffer, 0, (int)request.OutputBufferLength);
}
return response;
}
else if (request.InfoType == InfoType.FileSystem)
@ -69,6 +74,12 @@ namespace SMBLibrary.Server.SMB2
state.LogToServer(Severity.Information, "GetFileSystemInformation on '{0}' succeeded. Information class: {1}", share.Name, request.FileSystemInformationClass);
QueryInfoResponse response = new QueryInfoResponse();
response.SetFileSystemInformation(fileSystemInformation);
if (response.OutputBuffer.Length > request.OutputBufferLength)
{
response.Header.Status = NTStatus.STATUS_BUFFER_OVERFLOW;
response.OutputBuffer = ByteReader.ReadBytes(response.OutputBuffer, 0, (int)request.OutputBufferLength);
}
return response;
}
}