Fix UnboundLocalError on parentDir when connecting to Samba (Linux) shares #2174
Open
ghecko wants to merge 1 commit into
When connecting to a Samba/Linux SMB share using SMB3 dialect >= 3.0 with
directory leasing support, the SMB2 CREATE handler in smb3.py crashes with:
"cannot access local variable 'parentDir' where it is not associated with a value"
Root cause: an indentation bug at line 1271. The variable `parentDir` is only
assigned inside `if len(fileName.split('\\')) > 2:` (i.e. when the file is NOT
at the share root), but the block that references `parentDir` (the
GlobalFileTable lookup and parent entry creation) was incorrectly placed
outside that conditional. When accessing a root-level path — which is common
on Samba shares — the condition is false, `parentDir` is never assigned, and
Python raises UnboundLocalError.
The fix moves the `if parentDir in self.GlobalFileTable` block and its `else`
branch inside the `if len(...) > 2:` guard, which matches the original intent
described by the comment "Is this file NOT on the root directory?". Parent
directory lease tracking only makes sense when a parent directory actually
exists, so skipping it for root-level paths is the correct behavior.
This bug affects any tool built on impacket (nxc, smbclient-ng, etc.) when
targeting Samba/Linux shares with SMB3 directory leasing enabled.
Summary
When using any impacket-based tool (nxc, smbclient-ng, etc.) to connect to a
Samba/Linux SMB share, the connection fails with:
[error] cannot access local variable 'parentDir' where it is not associated with a value
This happens when the SMB server advertises dialect >= 3.0 with directory
leasing support, and the client accesses a file at the root of the share.
Root cause
In `impacket/smb3.py`, the `SMB2_CREATE` handler has an indentation bug in the
directory leasing logic (around line 1267-1277):
`parentDir` is only assigned when the path has more than 2 components (i.e. not
at share root), but the code referencing it sits outside that `if` block. For
root-level paths (common on Samba shares) `parentDir` is never bound, causing
an `UnboundLocalError`.
Fix
Move the `if parentDir in self.GlobalFileTable` / `else` block inside the
`if len(...) > 2:` guard, so that parent directory lease tracking is only
attempted when a parent directory actually exists:
This matches the original intent described by the inline comment
"Is this file NOT on the root directory?".
Impact
Affects any impacket consumer connecting to Samba/Linux shares over SMB3 with
directory leasing enabled. Windows shares are less commonly affected because
paths tend to include subdirectories (e.g. `C$\Windows\...`).
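The control flow described in this pull request, reduced to a stand-alone model with a regression check for root-level paths. This is an added example, not impacket's code: the function names, the `probe` helper, the placeholder table entry and the use of `ntpath.dirname` to derive the parent are assumptions; only `parentDir`, `fileName`, `GlobalFileTable` and the `len(fileName.split('\\')) > 2` guard come from the page.

```python
import ntpath


def track_parent_buggy(fileName, GlobalFileTable):
    """Pre-fix shape: the table lookup sits outside the depth guard."""
    # Is this file NOT on the root directory?
    if len(fileName.split('\\')) > 2:
        parentDir = ntpath.dirname(fileName)  # assumption: how the parent is derived
    # Runs for every path, so a root-level path reads an unbound local here.
    if parentDir in GlobalFileTable:
        return GlobalFileTable[parentDir]
    GlobalFileTable[parentDir] = {'LeaseState': 'none'}  # constructed placeholder entry
    return GlobalFileTable[parentDir]


def track_parent_fixed(fileName, GlobalFileTable):
    """Post-fix shape: lookup and creation live inside the guard."""
    # Is this file NOT on the root directory?
    if len(fileName.split('\\')) > 2:
        parentDir = ntpath.dirname(fileName)
        if parentDir in GlobalFileTable:
            return GlobalFileTable[parentDir]
        GlobalFileTable[parentDir] = {'LeaseState': 'none'}
        return GlobalFileTable[parentDir]
    return None  # root-level path: no parent directory to track


def probe(fn, fileName):
    """Call fn on a fresh table; report the outcome and the keys it created."""
    table = {}
    try:
        fn(fileName, table)
        return ('ok', sorted(table))
    except UnboundLocalError:
        return ('UnboundLocalError', sorted(table))


# Constructed sample paths: one at the share root, one nested.
SAMPLE_PATHS = ['file.txt', 'dir\\sub\\file.txt']

if __name__ == '__main__':
    for fn in (track_parent_buggy, track_parent_fixed):
        for path in SAMPLE_PATHS:
            print(fn.__name__, repr(path), probe(fn, path))
```

A regression test for the real handler would need the same two cases: one open at the share root and one in a nested directory, both with directory leasing negotiated.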