From 7c31666bc302b2bc114b1649cf84182af54111c9 Mon Sep 17 00:00:00 2001
From: Tal Aloni
Date: Wed, 13 Dec 2017 20:24:11 +0200
Subject: [PATCH] Client: Discard all unsolicited responses except OpLock break
---
 SMBLibrary/Client/SMB1Client.cs | 13 ++++++++++---
 SMBLibrary/Client/SMB2Client.cs | 13 ++++++++++---
 2 files changed, 20 insertions(+), 6 deletions(-)
diff --git a/SMBLibrary/Client/SMB1Client.cs b/SMBLibrary/Client/SMB1Client.cs
index 23b358e..4c5b995 100644
--- a/SMBLibrary/Client/SMB1Client.cs
+++ b/SMBLibrary/Client/SMB1Client.cs
@@ -456,10 +456,17 @@ namespace SMBLibrary.Client
 return;
 }
- lock (m_incomingQueueLock)
+ // [MS-CIFS] 3.2.5.1 - If the MID value is the reserved value 0xFFFF, the message can be an OpLock break
+ // sent by the server. Otherwise, if the PID and MID values of the received message are not found in the
+ // Client.Connection.PIDMIDList, the message MUST be discarded.
+ if ((message.Header.MID == 0xFFFF && message.Header.Command == CommandName.SMB_COM_LOCKING_ANDX) || (message.Header.PID == 0 && message.Header.MID == 0))
 {
- m_incomingQueue.Add(message);
- m_incomingQueueEventHandle.Set();
+ lock (m_incomingQueueLock)
+ {
+ m_incomingQueue.Add(message);
+ m_incomingQueueEventHandle.Set();
+ }
 }
 }
 }
diff --git a/SMBLibrary/Client/SMB2Client.cs b/SMBLibrary/Client/SMB2Client.cs
index a47a206..9014b87 100644
--- a/SMBLibrary/Client/SMB2Client.cs
+++ b/SMBLibrary/Client/SMB2Client.cs
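Review bot: The new `if` in SMB1Client.cs accepts a message on `message.Header.PID == 0 && message.Header.MID == 0`, while the comment directly above it describes the [MS-CIFS] PIDMIDList lookup; nothing in the hunk consults a list of outstanding requests, so any server message carrying PID 0 / MID 0 is queued whether or not a request is pending. Presumably this client issues every request with PID 0 and MID 0, but that is the assumption the check actually rests on and the comment should state it rather than cite a lookup that is not performed, e.g. `// This client sends every request with PID 0 and MID 0, so matching those values stands in for the PIDMIDList lookup; anything else is an unsolicited message and is dropped.` Messages that fail the test fall out of the method with no trace, here and in the matching SMB2Client.cs hunk; if the class has a logging hook, a debug-level entry on the discard path would make a misbehaving or hostile server visible instead of silently swallowed. The enclosing method begins before the hunk.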
@@ -340,10 +340,17 @@ namespace SMBLibrary.Client
 return;
 }
- lock (m_incomingQueueLock)
+ // [MS-SMB2] 3.2.5.1.2 - If the MessageId is 0xFFFFFFFFFFFFFFFF, this is not a reply to a previous request,
+ // and the client MUST NOT attempt to locate the request, but instead process it as follows:
+ // If the command field in the SMB2 header is SMB2 OPLOCK_BREAK, it MUST be processed as specified in 3.2.5.19.
+ // Otherwise, the response MUST be discarded as invalid.
+ if (command.Header.MessageID != 0xFFFFFFFFFFFFFFFF || command.Header.Command == SMB2CommandName.OplockBreak)
 {
- m_incomingQueue.Add(command);
- m_incomingQueueEventHandle.Set();
+ lock (m_incomingQueueLock)
+ {
+ m_incomingQueue.Add(command);
+ m_incomingQueueEventHandle.Set();
+ }
 }
 }
 }
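Review bot: The SMB2 condition discards only a message whose MessageID is the reserved value and whose command is not OplockBreak; a reply with any other MessageID is queued with no lookup against outstanding requests in this hunk, so unless that lookup happens before the `return;` above, the change does less than the subject line ("discard all unsolicited responses") claims, and the cited [MS-SMB2] 3.2.5.1.2 text also requires discarding a response whose MessageId matches no pending request. The reserved value is spelled out as the literal `0xFFFFFFFFFFFFFFFF` in the condition; a named constant beside the comment, `const ulong ReservedMessageID = ulong.MaxValue;`, and `command.Header.MessageID != ReservedMessageID` would keep the intent readable and avoid a miscounted digit. The enclosing method starts before the hunk.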