From: Stefan Metzmacher Date: Mon, 5 Jul 2021 15:49:00 +0000 (+0200) Subject: s3:smbd: implement FSCTL_SMBTORTURE_GLOBAL_READ_RESPONSE_BODY_PADDING8 X-Git-Tag: tdb-1.4.5~17 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ef57fba5dbf359b204ba952451e1e33ed68f1c91;p=thirdparty%2Fsamba.git s3:smbd: implement FSCTL_SMBTORTURE_GLOBAL_READ_RESPONSE_BODY_PADDING8 This turns the 'smb2.read.bug14607' test from 'skip' into 'xfailure', as the 2nd smb2cli_read() function will now return NT_STATUS_INVALID_NETWORK_RESPONSE. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607 Signed-off-by: Stefan Metzmacher Reviewed-by: Jeremy Allison --- diff --git a/selftest/knownfail.d/smb2-read-bug14607 b/selftest/knownfail.d/smb2-read-bug14607 new file mode 100644 index 00000000000..05b8adfa8cd --- /dev/null +++ b/selftest/knownfail.d/smb2-read-bug14607 @@ -0,0 +1 @@ +samba3.smb2.read.bug14607 diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h index e1a520c1977..3215a5a8c2e 100644 --- a/source3/smbd/globals.h +++ b/source3/smbd/globals.h @@ -538,6 +538,10 @@ struct smbXsrv_connection { struct smbXsrv_preauth preauth; struct smbd_smb2_request *requests; + + struct { + uint8_t read_body_padding; + } smbtorture; } smb2; }; diff --git a/source3/smbd/smb2_ioctl.c b/source3/smbd/smb2_ioctl.c index 8b65a691638..d29ff5d0303 100644 --- a/source3/smbd/smb2_ioctl.c +++ b/source3/smbd/smb2_ioctl.c @@ -197,6 +197,7 @@ NTSTATUS smbd_smb2_request_process_ioctl(struct smbd_smb2_request *req) case FSCTL_QUERY_NETWORK_INTERFACE_INFO: case FSCTL_SMBTORTURE_FORCE_UNACKED_TIMEOUT: case FSCTL_SMBTORTURE_IOCTL_RESPONSE_BODY_PADDING8: + case FSCTL_SMBTORTURE_GLOBAL_READ_RESPONSE_BODY_PADDING8: /* * Some SMB2 specific CtlCodes like FSCTL_DFS_GET_REFERRALS or * FSCTL_PIPE_WAIT does not take a file handle. @@ -424,6 +425,15 @@ static struct tevent_req *smb2_ioctl_smbtorture(uint32_t ctl_code, tevent_req_done(req); return tevent_req_post(req, ev); + case FSCTL_SMBTORTURE_GLOBAL_READ_RESPONSE_BODY_PADDING8: + if (state->in_input.length != 0) { + tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER); + return tevent_req_post(req, ev); + } + + state->smb2req->xconn->smb2.smbtorture.read_body_padding = 8; + tevent_req_done(req); + return tevent_req_post(req, ev); default: goto not_supported; } diff --git a/source3/smbd/smb2_read.c b/source3/smbd/smb2_read.c index 8372188f58d..a846215b0ec 100644 --- a/source3/smbd/smb2_read.c +++ b/source3/smbd/smb2_read.c @@ -117,6 +117,7 @@ static void smbd_smb2_request_read_done(struct tevent_req *subreq) struct smbd_smb2_request *req = tevent_req_callback_data(subreq, struct smbd_smb2_request); uint16_t body_size; + uint8_t body_padding = req->xconn->smb2.smbtorture.read_body_padding; DATA_BLOB outbody; DATA_BLOB outdyn; uint8_t out_data_offset; @@ -140,7 +141,11 @@ static void smbd_smb2_request_read_done(struct tevent_req *subreq) return; } - body_size = 0x10; + /* + * Only FSCTL_SMBTORTURE_GLOBAL_READ_RESPONSE_BODY_PADDING8 + * sets body_padding to a value different from 0. + */ + body_size = 0x10 + body_padding; out_data_offset = SMB2_HDR_BODY + body_size; outbody = smbd_smb2_generate_outbody(req, body_size); @@ -163,6 +168,9 @@ static void smbd_smb2_request_read_done(struct tevent_req *subreq) SIVAL(outbody.data, 0x08, out_data_remaining); /* data remaining */ SIVAL(outbody.data, 0x0C, 0); /* reserved */ + if (body_padding != 0) { + memset(outbody.data + 0x10, 0, body_padding); + } outdyn = out_data_buffer;