3.3.5.2 Receiving Any Message

For every message received, the server MUST calculate the total number of bytes in the message and MUST update the values of Server.Statistics.sts0_bytesrcvd_low and Server.Statistics.sts0_bytesrcvd_high. The server MUST update Server.Connection.IdleTime as the current time plus Server.AutoDisconnectTimeout.

Upon receiving any client request, the server SHOULD perform basic message validation. The following tests SHOULD be performed on all received messages, with exceptions as noted:

  • Validate the length of the message.

    If the message is a standard SMB message, as opposed to a raw data transfer, the total byte length of the message as reported by the SMB transport MUST be a minimum of 35 bytes:

      35 = 32 + 1 + 2 = sizeof( SMB_Header ) + sizeof( WordCount ) + sizeof( ByteCount );

    The total byte length of any SMB message MUST be at least:

      sizeof( SMB_Header ) + sizeof( WordCount ) + (2 x WordCount) + sizeof( ByteCount ) + ByteCount;

    If the total number of bytes transferred by the SMB transport is less than specified by the preceding formula, then the message was either incorrectly formatted by the client, or it was truncated in transit. The client SHOULD send an error response with the Status code set to STATUS_INVALID_SMB (ERRSRV/ERRerror). It is not a protocol error for the client to transfer excess data; however, the excess data MUST be ignored.

    Raw data transfers from client to server are generated by the SMB_COM_WRITE_RAW command.

  • Validate the SMB Header (section 2.2.3.1) Protocol identifier and the command code.

    The four-byte Protocol identifier at the start of the SMB Header MUST contain the octet values '\xFF', 'S', 'M', 'B'. Otherwise, the server MUST return an error response with the Status code set to STATUS_INVALID_SMB (ERRSRV/ERRerror).

    The command code MUST be one of the valid command codes listed in section 2.2.2.1.

    • If the command code in the SMB_Header.Status field is listed as "Unused" or "Reserved" in the first column of the table in section 2.2.2.1, or if the command code is either SMB_COM_INVALID (section 2.2.4.74) or SMB_COM_NO_ANDX_COMMAND (section 2.2.4.75), the server MUST return an error response with the Status code set to STATUS_SMB_BAD_COMMAND (ERRSRV/ERRbadcmd).

    • If the command is listed in the table in section 2.2.2.1 as Obsolete (as shown by an X in the Status column) or Not Implemented (as shown by an N in the Status column), the server SHOULD return an error response with a Status code of STATUS_NOT_IMPLEMENTED (ERRDOS/ERRbadfunc). See the descriptions of the individual commands in section 2.2.4 for more information.<238>

    • If the command code represents a valid command, but the command has not been implemented by the server, the server MUST return STATUS_NOT_IMPLEMENTED (ERRDOS/ERRbadfunc).

  • Validate the UID and TID.

    With three exceptions, all SMB requests sent by the client MUST have valid UIDs. The exceptions are:

    • SMB_COM_NEGOTIATE

    • SMB_COM_ECHO

    • SMB_COM_SESSION_SETUP_ANDX

    To be valid, a Server.Connection.SessionTable entry for the UID MUST exist, such that the Server.Session.UID matches the SMB_Header.UID received in the request. If the UID is not valid, the server MUST return STATUS_SMB_BAD_UID (ERRSRV/ERRbaduid).

    If the UID is valid, the server MUST enumerate all connections in the Server.ConnectionTable and MUST look up Session in the Server.Connection.SessionTable where UID is equal to Server.Session.UID. If a session is found, Server.Session.IdleTime MUST be set to the current time. If no session is found, no action regarding idle time is taken.

    With five exceptions, all SMB requests sent by the client MUST have valid TIDs. The exceptions are:

    • SMB_COM_NEGOTIATE

    • SMB_COM_SESSION_SETUP_ANDX

    • SMB_COM_TREE_CONNECT

    • SMB_COM_TREE_CONNECT_ANDX

    • SMB_COM_LOGOFF_ANDX

    To be valid, a Server.Connection.TreeConnectTable entry for the TID MUST exist, such that the Server.TreeConnect.TID matches the SMB_Header.TID received in the request. If the TID is not valid, the server MUST return STATUS_SMB_BAD_TID (ERRSRV/ERRinvtid).

    The SMB_COM_ECHO command requires either a valid TID or the value 0xFFFF. The latter MAY be used if no tree connect has been established.<239>

  • This list of validation tests is not exhaustive.
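
The length and Protocol identifier tests above can be applied so that no field is read before the transport length has been shown to cover it. The following is an added example, not code from the specification: the names smb_defined_length and check_sample and the -1 return convention are hypothetical, and ByteCount is assumed to be little-endian on the wire.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SMB_HEADER_LEN 32u  /* sizeof( SMB_Header ) */
#define SMB_MIN_LEN    35u  /* header + WordCount (1) + ByteCount (2) */

/* Returns the number of bytes the message defines, or -1 when it fails the
 * length or Protocol identifier test (the STATUS_INVALID_SMB cases).
 * Bytes past the returned length are excess data and must be ignored. */
long smb_defined_length(const uint8_t *msg, size_t len)
{
    static const uint8_t proto[4] = { 0xFF, 'S', 'M', 'B' };
    if (msg == NULL || len < SMB_MIN_LEN)
        return -1;
    if (memcmp(msg, proto, sizeof proto) != 0)
        return -1;
    size_t word_count = msg[SMB_HEADER_LEN];
    size_t bc_off = SMB_HEADER_LEN + 1 + 2 * word_count;
    if (bc_off + 2 > len)   /* ByteCount must be in bounds before it is read */
        return -1;
    /* Assumption: ByteCount is little-endian on the wire. */
    size_t byte_count = (size_t)msg[bc_off] | ((size_t)msg[bc_off + 1] << 8);
    size_t need = bc_off + 2 + byte_count;
    return need <= len ? (long)need : -1;
}

/* Constructed sample: zeroed header plus the given WordCount and ByteCount,
 * with a hypothetical transport reporting transport_len bytes received. */
long check_sample(uint8_t word_count, uint16_t byte_count, size_t transport_len)
{
    uint8_t buf[1024] = { 0xFF, 'S', 'M', 'B' };
    size_t bc_off = SMB_HEADER_LEN + 1 + 2 * (size_t)word_count;

    buf[SMB_HEADER_LEN] = word_count;
    buf[bc_off] = (uint8_t)(byte_count & 0xFF);
    buf[bc_off + 1] = (uint8_t)(byte_count >> 8);
    if (transport_len > sizeof buf)
        transport_len = sizeof buf;
    return smb_defined_length(buf, transport_len);
}

int main(void)
{
    printf("%ld %ld %ld\n", check_sample(0, 0, 35),  /* minimal message */
           check_sample(2, 4, 40), check_sample(2, 4, 60));
    return 0;
}
```

The 35-byte minimum alone does not make the ByteCount read safe: a WordCount of 255 in a 35-byte message places ByteCount far outside the buffer, which is why the offset is checked before the field is dereferenced.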