Server: SMB2: Correctly handle invalid SessionSetup request containing a sessionID already in use

2025-07-24 02:00:27 +02:00 · 2022-10-28 13:38:35 +03:00 · 2022-10-28 13:38:35 +03:00 · c1979716fb
commit c1979716fb
parent de3ea8d4eb
2 changed files with 7 additions and 1 deletions
--- a/SMBLibrary/Enums/NTStatus.cs
+++ b/SMBLibrary/Enums/NTStatus.cs
@ -54,6 +54,7 @@ namespace SMBLibrary
        STATUS_BAD_DEVICE_TYPE = 0xC00000CB,
        STATUS_BAD_NETWORK_NAME = 0xC00000CC,
        STATUS_TOO_MANY_SESSIONS = 0xC00000CE,
+        STATUS_REQUEST_NOT_ACCEPTED = 0xC00000D0,
        STATUS_DIRECTORY_NOT_EMPTY = 0xC0000101,
        STATUS_NOT_A_DIRECTORY = 0xC0000103,
        STATUS_TOO_MANY_OPENED_FILES = 0xC000011F,
--- a/SMBLibrary/Server/SMB2/SessionSetupHelper.cs
+++ b/SMBLibrary/Server/SMB2/SessionSetupHelper.cs
@ -1,4 +1,4 @@
-/* Copyright (C) 2017-2020 Tal Aloni <tal.aloni.il@gmail.com>. All rights reserved.
+/* Copyright (C) 2017-2022 Tal Aloni <tal.aloni.il@gmail.com>. All rights reserved.
 * 
 * You can redistribute this program and/or modify it under the terms of
 * the GNU Lesser Public License as published by the Free Software Foundation,
@ -51,6 +51,11 @@ namespace SMBLibrary.Server.SMB2
                sessionID = allocatedSessionID.Value;
                response.Header.SessionID = allocatedSessionID.Value;
            }
+            else if (state.GetSession(sessionID) != null)
+            {
+                // We already have an established session associated with this sessionID, the client is in violation
+                return new ErrorResponse(request.CommandName, NTStatus.STATUS_REQUEST_NOT_ACCEPTED);
+            }

            if (status == NTStatus.SEC_I_CONTINUE_NEEDED)
            {