SMB v1 response incorrect when signature verification fails
Open the attached tcon.snoop in Wireshark, and see frame 13.
Says [Malformed ...]
The word count and byte count are missing, so
the frame is 32 bytes long where it should be 35.
Steps to Reproduce:
Set signing required on the server,
and signing disabled on the client.
Attempt to connect with SMB1
Observe malformed error packet.
Updated by Gordon Ross 9 months ago
Near the top of smb1sr work, we have some "goto report_error" statements
that happen before we've written the SMB header in the reply. In that case,
report_error writes the (zero) word count and byte count at offset zero, and
then the header gets "poked" into the same location, overwriting those.
The word count and byte count are supposed to be after the header.
Testing: as in the description.
Fix in production since mid 2017
Updated by Electric Monk 9 months ago
- Status changed from In Progress to Closed
- % Done changed from 0 to 100
commit 2a19195a95e51d8bfa4d94abf117f9ace761ad08 Author: Gordon Ross <email@example.com> Date: 2019-05-19T23:21:32.000Z 10970 SMB v1 response incorrect when signature verification fails Reviewed by: Evan Layton <firstname.lastname@example.org> Reviewed by: Rick McNeal <email@example.com> Reviewed by: Matt Barden <firstname.lastname@example.org> Approved by: Joshua M. Clulow <email@example.com>