
Fix an issue with SMB2 create context padding #255

Merged

Conversation

zeroSteiner

This fixes an issue with SMB2 padding. Basically both the name and data fields were always being calculated into the buffer size and padded to the alignment. Now, the value is only padded for the first field, and then the second field is only padded if there is another entry (as determined by `next_offset != 0`).

This came up while I was testing an SMB server file. To validate the code in isolation, you can use this script. The data was taken from the "Extra Info" field of the last packet in the attached PCAP file. Right click and copy as a hex stream.

```ruby
# Run from a ruby_smb checkout so the local lib/ directory is on the load path
$LOAD_PATH.unshift(File.dirname(__FILE__) + '/lib')
require 'bindata'
require 'ruby_smb'
require 'pp'

# Raw SMB2_CREATE_CONTEXT bytes: the hex stream copied from the "Extra Info" field
# of the last packet in the attached PCAP, decoded two hex digits per byte
bad_cc = '00000000100004000000180024000000444832430000000049df34a0000000000000000000000000d614e2b8517aee1197bd50eb711a599000000000'.scan(/../).map { |x| x.hex.chr }.join

# Trace each field as BinData reads it so the point of failure is visible
ccar = nil
BinData::trace_reading do
  ccar = RubySMB::SMB2::CreateContext::CreateContextRequest.read(bad_cc)
end
PP.pp(ccar.snapshot)
```

Before (Broken)

```
obj.next_offset => 0
obj.name_offset => 16
obj.name_length => 4
obj.reserved => 0
obj.data_offset => 24
obj.data_length => 36
/home/smcintyre/.rvm/gems/ruby-3.0.4/gems/bindata-2.4.15/lib/bindata/io.rb:317:in `read': data truncated (IOError)
	from /home/smcintyre/.rvm/gems/ruby-3.0.4/gems/bindata-2.4.15/lib/bindata/io.rb:278:in `readbytes'
	from /home/smcintyre/.rvm/gems/ruby-3.0.4/gems/bindata-2.4.15/lib/bindata/string.rb:118:in `read_and_return_value'
	from /home/smcintyre/.rvm/gems/ruby-3.0.4/gems/bindata-2.4.15/lib/bindata/base_primitive.rb:129:in `do_read'
	from /home/smcintyre/.rvm/gems/ruby-3.0.4/gems/bindata-2.4.15/lib/bindata/trace.rb:59:in `do_read_with_hook'
	from /home/smcintyre/.rvm/gems/ruby-3.0.4/gems/bindata-2.4.15/lib/bindata/struct.rb:140:in `block in do_read'
	from /home/smcintyre/.rvm/gems/ruby-3.0.4/gems/bindata-2.4.15/lib/bindata/struct.rb:140:in `each'
	from /home/smcintyre/.rvm/gems/ruby-3.0.4/gems/bindata-2.4.15/lib/bindata/struct.rb:140:in `do_read'
	from /home/smcintyre/.rvm/gems/ruby-3.0.4/gems/bindata-2.4.15/lib/bindata/base.rb:147:in `block in read'
	from /home/smcintyre/.rvm/gems/ruby-3.0.4/gems/bindata-2.4.15/lib/bindata/base.rb:253:in `start_read'
	from /home/smcintyre/.rvm/gems/ruby-3.0.4/gems/bindata-2.4.15/lib/bindata/base.rb:145:in `read'
	from /home/smcintyre/.rvm/gems/ruby-3.0.4/gems/bindata-2.4.15/lib/bindata/base.rb:21:in `read'
	from test.rb:11:in `block in <main>'
	from /home/smcintyre/.rvm/gems/ruby-3.0.4/gems/bindata-2.4.15/lib/bindata/trace.rb:32:in `trace_reading'
	from test.rb:10:in `<main>'
```

After (Fixed)

```
obj.next_offset => 0
obj.name_offset => 16
obj.name_length => 4
obj.reserved => 0
obj.data_offset => 24
obj.data_length => 36
obj.buffer => "DH2C\x00\x00\x00\x00I\xDF4\xA0...
{:next_offset=>0,
 :name_offset=>16,
 :name_length=>4,
 :reserved=>0,
 :data_offset=>24,
 :data_length=>36,
 :buffer=>
  "DH2C\x00\x00\x00\x00I\xDF4\xA0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xD6\x14\xE2\xB8Qz\xEE\x11\x97\xBDP\xEBq\x1AY\x90\x00\x00\x00\x00",
 :name=>"",
 :data=>""}
```

bad_smb2_create_context.zip

@bwatters-r7 bwatters-r7 self-assigned this Nov 9, 2023
@bwatters-r7 bwatters-r7 merged commit 2002aaf into rapid7:master Nov 13, 2023
6 checks passed
@bwatters-r7

Release Notes

This PR fixes a bug where padding was done improperly within the packet.
