]> git.ipfire.org Git - thirdparty/samba.git/commitdiff
s3:smbd: implement FSCTL_SMBTORTURE_GLOBAL_READ_RESPONSE_BODY_PADDING8
authorStefan Metzmacher <metze@samba.org>
Mon, 5 Jul 2021 15:49:00 +0000 (17:49 +0200)
committerJeremy Allison <jra@samba.org>
Thu, 15 Jul 2021 23:04:34 +0000 (23:04 +0000)
This turns the 'smb2.read.bug14607' test from 'skip' into 'xfailure',
as the 2nd smb2cli_read() function will now return
NT_STATUS_INVALID_NETWORK_RESPONSE.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
selftest/knownfail.d/smb2-read-bug14607 [new file with mode: 0644]
source3/smbd/globals.h
source3/smbd/smb2_ioctl.c
source3/smbd/smb2_read.c

diff --git a/selftest/knownfail.d/smb2-read-bug14607 b/selftest/knownfail.d/smb2-read-bug14607
new file mode 100644 (file)
index 0000000..05b8adf
--- /dev/null
@@ -0,0 +1 @@
+samba3.smb2.read.bug14607
index e1a520c1977be3b279c22aaf218803b239a27fee..3215a5a8c2eaece14d9c78d485c5ff87bdc84e74 100644 (file)
@@ -538,6 +538,10 @@ struct smbXsrv_connection {
                struct smbXsrv_preauth preauth;
 
                struct smbd_smb2_request *requests;
+
+               struct {
+                       uint8_t read_body_padding;
+               } smbtorture;
        } smb2;
 };
 
index 8b65a6916386b474b1ca553e8c087e9a5e11c443..d29ff5d0303bc4d5835dfda04b75f2bdaacedb45 100644 (file)
@@ -197,6 +197,7 @@ NTSTATUS smbd_smb2_request_process_ioctl(struct smbd_smb2_request *req)
        case FSCTL_QUERY_NETWORK_INTERFACE_INFO:
        case FSCTL_SMBTORTURE_FORCE_UNACKED_TIMEOUT:
        case FSCTL_SMBTORTURE_IOCTL_RESPONSE_BODY_PADDING8:
+       case FSCTL_SMBTORTURE_GLOBAL_READ_RESPONSE_BODY_PADDING8:
                /*
                 * Some SMB2 specific CtlCodes like FSCTL_DFS_GET_REFERRALS or
                 * FSCTL_PIPE_WAIT does not take a file handle.
@@ -424,6 +425,15 @@ static struct tevent_req *smb2_ioctl_smbtorture(uint32_t ctl_code,
                tevent_req_done(req);
                return tevent_req_post(req, ev);
 
+       case FSCTL_SMBTORTURE_GLOBAL_READ_RESPONSE_BODY_PADDING8:
+               if (state->in_input.length != 0) {
+                       tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+                       return tevent_req_post(req, ev);
+               }
+
+               state->smb2req->xconn->smb2.smbtorture.read_body_padding = 8;
+               tevent_req_done(req);
+               return tevent_req_post(req, ev);
        default:
                goto not_supported;
        }
index 8372188f58d7b3c87aa05a5973cb4710b5552454..a846215b0ecae8b597ef218aa85bb38ac62e3c98 100644 (file)
@@ -117,6 +117,7 @@ static void smbd_smb2_request_read_done(struct tevent_req *subreq)
        struct smbd_smb2_request *req = tevent_req_callback_data(subreq,
                                        struct smbd_smb2_request);
        uint16_t body_size;
+       uint8_t body_padding = req->xconn->smb2.smbtorture.read_body_padding;
        DATA_BLOB outbody;
        DATA_BLOB outdyn;
        uint8_t out_data_offset;
@@ -140,7 +141,11 @@ static void smbd_smb2_request_read_done(struct tevent_req *subreq)
                return;
        }
 
-       body_size = 0x10;
+       /*
+        * Only FSCTL_SMBTORTURE_GLOBAL_READ_RESPONSE_BODY_PADDING8
+        * sets body_padding to a value different from 0.
+        */
+       body_size = 0x10 + body_padding;
        out_data_offset = SMB2_HDR_BODY + body_size;
 
        outbody = smbd_smb2_generate_outbody(req, body_size);
@@ -163,6 +168,9 @@ static void smbd_smb2_request_read_done(struct tevent_req *subreq)
        SIVAL(outbody.data, 0x08,
              out_data_remaining);              /* data remaining */
        SIVAL(outbody.data, 0x0C, 0);           /* reserved */
+       if (body_padding != 0) {
+               memset(outbody.data + 0x10, 0, body_padding);
+       }
 
        outdyn = out_data_buffer;