Bumped dev version and fixed up signature verification

jborean93 · Feb 20, 2018 · f8b53a3 · f8b53a3
1 parent 2674977
commit f8b53a3
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 11 deletions.
diff --git a/smbprotocol/__init__.py b/smbprotocol/__init__.py
@@ -10,4 +10,4 @@ def emit(self, record):
 logger = logging.getLogger(__name__)
 logger.addHandler(NullHandler())
 
-__version__ = '0.0.1.dev0'
+__version__ = '0.0.1.dev1'
diff --git a/smbprotocol/connection.py b/smbprotocol/connection.py
@@ -1094,15 +1094,18 @@ def _sign(self, message, session, padding=None):
         message['signature'] = signature
 
     def _verify(self, message, verify_session=False):
-        if message['message_id'].get_value() == 0xFFFFFFFFFFFFFFFF:
-            return
-        elif not message['flags'].has_flag(Smb2Flags.SMB2_FLAGS_SIGNED):
-            return
-        elif message['command'].get_value() == Commands.SMB2_SESSION_SETUP \
-                and not verify_session:
+        message_id = message['message_id'].get_value()
+        flags = message['flags']
+        status = message['status'].get_value()
+        command = message['command'].get_value()
+        session_id = message['session_id'].get_value()
+        if message_id == 0xFFFFFFFFFFFFFFFF or \
+                not flags.has_flag(Smb2Flags.SMB2_FLAGS_SIGNED) or \
+                status == NtStatus.STATUS_PENDING or \
+                (command == Commands.SMB2_SESSION_SETUP and
+                 not verify_session):
             return
 
-        session_id = message['session_id'].get_value()
         session = self.session_table.get(session_id, None)
         if session is None:
             error_msg = "Failed to find session %d for message verification" \

diff --git a/tests/test_connection.py b/tests/test_connection.py
@@ -916,7 +916,7 @@ def test_verify_message_skip(self, smb_real):
         connection = Connection(uuid.uuid4(), smb_real[2], smb_real[3], True)
         connection.connect()
         try:
-            header = SMB2HeaderRequest()
+            header = SMB2HeaderResponse()
             header['message_id'] = 0xFFFFFFFFFFFFFFFF
             expected = header.pack()
             connection._verify(header)
@@ -929,7 +929,7 @@ def test_verify_fail_no_session(self, smb_real):
         connection = Connection(uuid.uuid4(), smb_real[2], smb_real[3], True)
         connection.connect()
         try:
-            header = SMB2HeaderRequest()
+            header = SMB2HeaderResponse()
             header['message_id'] = 1
             header['flags'].set_flag(Smb2Flags.SMB2_FLAGS_SIGNED)
             header['session_id'] = 100
@@ -946,7 +946,7 @@ def test_verify_mistmatch(self, smb_real):
         connection.connect()
         try:
             session.connect()
-            header = connection.preauth_integrity_hash_value[-1]
+            header = connection.preauth_integrity_hash_value[-2]
             # just set some random values for verifiation failure
             header['flags'].set_flag(Smb2Flags.SMB2_FLAGS_SIGNED)
             header['signature'] = b"\xff" * 16