s3-smb2_server: fix ioctl InputOffset checking
authorDavid Disseldorp <ddiss@suse.de>
Wed, 28 Sep 2011 12:45:42 +0000 (14:45 +0200)
committerKarolin Seeger <kseeger@samba.org>
Wed, 12 Oct 2011 18:50:42 +0000 (20:50 +0200)
Currently the InputOffset is always checked to point to the input data
buffer, regardless of whether input data is present.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit dbcd59f46b0d2125dfb6eb82b3d92be228c6ae4b)

The last 22 patches addres bug #8520 (Fix SMB2 SMB2_OP_GETINFO and
SMB2_OP_IOCTL parsing requirements).

source3/smbd/smb2_ioctl.c

index 8f2a4713ab1e2f5713ffed0b08286dfa98eb08d3..17b915489b05701164551d13406210da8815b3a7 100644 (file)
@@ -68,7 +68,16 @@ NTSTATUS smbd_smb2_request_process_ioctl(struct smbd_smb2_request *req)
        in_max_output_length    = IVAL(inbody, 0x2C);
        in_flags                = IVAL(inbody, 0x30);
 
-       if (in_input_offset != (SMB2_HDR_BODY + req->in.vector[i+1].iov_len)) {
+       /*
+        * InputOffset (4 bytes): The offset, in bytes, from the beginning of
+        * the SMB2 header to the input data buffer. If no input data is
+        * required for the FSCTL/IOCTL command being issued, the client SHOULD
+        * set this value to 0.<49>
+        * <49> If no input data is required for the FSCTL/IOCTL command being
+        * issued, Windows-based clients set this field to any value.
+        */
+       if ((in_input_length > 0)
+        && (in_input_offset != (SMB2_HDR_BODY + req->in.vector[i+1].iov_len))) {
                return smbd_smb2_request_error(req, NT_STATUS_INVALID_PARAMETER);
        }
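Review bot: With the comparison gated on `in_input_length > 0`, a request with zero input length is now accepted with any `in_input_offset`. The rest of smbd_smb2_request_process_ioctl, which lies outside this hunk, therefore must never use `in_input_offset` to locate data, and it must still bound `in_input_length` against the received buffer; neither is visible here. If that is what the code below does, I would record the invariant in the new comment, e.g. `* in_input_offset is only validated here and is ignored when InputLength is 0.` The quoted protocol text should also name its source document ([MS-SMB2], SMB2 IOCTL Request), since the `<49>` footnote marker means nothing without it.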