More smb error handling

scapy/layers/smb2.py

@@ -84,9 +84,9 @@
     0x0000010C: "STATUS_NOTIFY_ENUM_DIR",
     0x00000532: "ERROR_PASSWORD_EXPIRED",
     0x00000533: "ERROR_ACCOUNT_DISABLED",
-    0x8000002D: "STATUS_STOPPED_ON_SYMLINK",
     0x80000005: "STATUS_BUFFER_OVERFLOW",
     0x80000006: "STATUS_NO_MORE_FILES",
+    0x8000002D: "STATUS_STOPPED_ON_SYMLINK",
     0xC0000003: "STATUS_INVALID_INFO_CLASS",
     0xC0000004: "STATUS_INFO_LENGTH_MISMATCH",
     0xC000000D: "STATUS_INVALID_PARAMETER",
@@ -100,16 +100,17 @@
     0xC0000072: "STATUS_ACCOUNT_DISABLED",
     0xC000009A: "STATUS_INSUFFICIENT_RESOURCES",
     0xC00000BB: "STATUS_NOT_SUPPORTED",
+    0xC00000C9: "STATUS_NETWORK_NAME_DELETED",
     0xC00000CC: "STATUS_BAD_NETWORK_NAME",
     0xC0000120: "STATUS_CANCELLED",
     0xC0000128: "STATUS_FILE_CLOSED",  # backup error for older Win versions
     0xC000015B: "STATUS_LOGON_TYPE_NOT_GRANTED",
     0xC000019C: "STATUS_FS_DRIVER_REQUIRED",
     0xC0000203: "STATUS_USER_SESSION_DELETED",
+    0xC000020C: "STATUS_CONNECTION_DISCONNECTED",
     0xC0000225: "STATUS_NOT_FOUND",
     0xC0000257: "STATUS_PATH_NOT_COVERED",
     0xC000035C: "STATUS_NETWORK_SESSION_EXPIRED",
-    0xC000020C: "STATUS_CONNECTION_DISCONNECTED",
 }
 
 # SMB2 sect 2.1.2.1

scapy/layers/smbserver.py

@@ -1119,7 +1119,7 @@ def lookup_folder(self, handle, filter, offset, cls):
         self.vprint("Query directory: " + str(path))
         self.current_handles[handle][1]["LastAccessTime"] = self.current_smb_time()
         if not path.is_dir():
-            return NotADirectoryError
+            raise NotADirectoryError
         return sorted(
             [
                 cls(FileName=x.name, **self.current_handles[self.lookup_file(x)][1])
@@ -1302,6 +1302,9 @@ def send_query_directory_response(self, pkt):
         query = pkt.FileName
         fid = self.get_file_id(pkt)
         # Check for handled FileInformationClass
+        # 0x02: FileFullDirectoryInformation
+        # 0x03: FileBothDirectoryInformation
+        # 0x25: FileIdBothDirectoryInformation
         if pkt.FileInformationClass not in [0x02, 0x03, 0x25]:
             # Unknown FileInformationClass
             resp = self.smb_header.copy() / SMB2_Error_Response()
@@ -1313,16 +1316,23 @@ def send_query_directory_response(self, pkt):
         if pkt[SMB2_Query_Directory_Request].Flags.SMB2_RESTART_SCANS:
             self.enumerate_index[fid] = 0
         # Lookup the files
-        files = self.lookup_folder(
-            fid,
-            query,
-            self.enumerate_index[fid],
-            {
-                0x02: FILE_FULL_DIR_INFORMATION,  # FileFullDirectoryInformation,
-                0x03: FILE_BOTH_DIR_INFORMATION,  # FileBothDirectoryInformation
-                0x25: FILE_ID_BOTH_DIR_INFORMATION,  # FileIdBothDirectoryInformation
-            }[pkt.FileInformationClass],
-        )
+        try:
+            files = self.lookup_folder(
+                fid,
+                query,
+                self.enumerate_index[fid],
+                {
+                    0x02: FILE_FULL_DIR_INFORMATION,
+                    0x03: FILE_BOTH_DIR_INFORMATION,
+                    0x25: FILE_ID_BOTH_DIR_INFORMATION,
+                }[pkt.FileInformationClass],
+            )
+        except NotADirectoryError:
+            resp = self.smb_header.copy() / SMB2_Error_Response()
+            resp.Command = "SMB2_QUERY_DIRECTORY"
+            resp.Status = "STATUS_INVALID_PARAMETER"
+            self.send(resp)
+            return
         if not files:
             # No more files !
             self.enumerate_index[fid] = 0
@@ -1532,8 +1542,13 @@ def receive_tree_disconnect_request(self, pkt):
     @ATMT.action(receive_tree_disconnect_request)
     def send_tree_disconnect_response(self, pkt):
         self.update_smbheader(pkt)
-        del self.current_trees[self.smb_header.TID]  # clear tree
-        resp = self.smb_header.copy() / SMB2_Tree_Disconnect_Response()
+        try:
+            del self.current_trees[self.smb_header.TID]  # clear tree
+            resp = self.smb_header.copy() / SMB2_Tree_Disconnect_Response()
+        except KeyError:
+            resp = self.smb_header.copy() / SMB2_Error_Response()
+            resp.Command = "SMB2_TREE_DISCONNECT"
+            resp.Status = "STATUS_NETWORK_NAME_DELETED"
         self.send(resp)
 
     @ATMT.receive_condition(SERVING)