Server: Bugfix: Do not return more bytes than requested when querying FileInformation / FileSystemInformation, report STATUS_BUFFER_OVERFLOW

SMBLibrary/Server/SMB1/Transaction2SubcommandHelper.cs

@@ -171,6 +171,12 @@ namespace SMBLibrary.Server.SMB1
                 state.LogToServer(Severity.Information, "GetFileSystemInformation on '{0}' succeeded. Information level: {1}", share.Name, subcommand.QueryFSInformationLevel);
                 response.SetQueryFSInformation(queryFSInformation, header.UnicodeFlag);
             }
+
+            if (response.InformationBytes.Length > maxDataCount)
+            {
+                header.Status = NTStatus.STATUS_BUFFER_OVERFLOW;
+                response.InformationBytes = ByteReader.ReadBytes(response.InformationBytes, 0, (int)maxDataCount);
+            }
             return response;
         }
 
@@ -275,6 +281,12 @@ namespace SMBLibrary.Server.SMB1
                 state.LogToServer(Severity.Information, "GetFileInformation on '{0}{1}' succeeded. Information level: {2}", share.Name, path, subcommand.QueryInformationLevel);
                 response.SetQueryInformation(queryInformation);
             }
+
+            if (response.InformationBytes.Length > maxDataCount)
+            {
+                header.Status = NTStatus.STATUS_BUFFER_OVERFLOW;
+                response.InformationBytes = ByteReader.ReadBytes(response.InformationBytes, 0, (int)maxDataCount);
+            }
             return response;
         }
 
@@ -331,6 +343,12 @@ namespace SMBLibrary.Server.SMB1
                 state.LogToServer(Severity.Information, "GetFileInformation on '{0}{1}' succeeded. Information level: {2}. (FID: {3})", share.Name, openFile.Path, subcommand.QueryInformationLevel, subcommand.FID);
                 response.SetQueryInformation(queryInformation);
             }
+
+            if (response.InformationBytes.Length > maxDataCount)
+            {
+                header.Status = NTStatus.STATUS_BUFFER_OVERFLOW;
+                response.InformationBytes = ByteReader.ReadBytes(response.InformationBytes, 0, (int)maxDataCount);
+            }
             return response;
         }
 

SMBLibrary/Server/SMB2/QueryInfoHelper.cs

@@ -1,4 +1,4 @@
-/* Copyright (C) 2017 Tal Aloni <tal.aloni.il@gmail.com>. All rights reserved.
+/* Copyright (C) 2017-2019 Tal Aloni <tal.aloni.il@gmail.com>. All rights reserved.
  * 
  * You can redistribute this program and/or modify it under the terms of
  * the GNU Lesser Public License as published by the Free Software Foundation,
@@ -46,6 +46,11 @@ namespace SMBLibrary.Server.SMB2
                 state.LogToServer(Severity.Information, "GetFileInformation on '{0}{1}' succeeded. Information class: {2}. (FileId: {3})", share.Name, openFile.Path, request.FileInformationClass, request.FileId.Volatile);
                 QueryInfoResponse response = new QueryInfoResponse();
                 response.SetFileInformation(fileInformation);
+                if (response.OutputBuffer.Length > request.OutputBufferLength)
+                {
+                    response.Header.Status = NTStatus.STATUS_BUFFER_OVERFLOW;
+                    response.OutputBuffer = ByteReader.ReadBytes(response.OutputBuffer, 0, (int)request.OutputBufferLength);
+                }
                 return response;
             }
             else if (request.InfoType == InfoType.FileSystem)
@@ -69,6 +74,12 @@ namespace SMBLibrary.Server.SMB2
                     state.LogToServer(Severity.Information, "GetFileSystemInformation on '{0}' succeeded. Information class: {1}", share.Name, request.FileSystemInformationClass);
                     QueryInfoResponse response = new QueryInfoResponse();
                     response.SetFileSystemInformation(fileSystemInformation);
+                    if (response.OutputBuffer.Length > request.OutputBufferLength)
+                    {
+                        response.Header.Status = NTStatus.STATUS_BUFFER_OVERFLOW;
+                        response.OutputBuffer = ByteReader.ReadBytes(response.OutputBuffer, 0, (int)request.OutputBufferLength);
+                    }
+
                     return response;
                 }
             }