Panic: runtime error: slice bounds out of range in PacketCodec.SessionId() and SetSessionId() when receiving truncated SMB2 packets

[m0ng3sh3ll]

Hi,
While using go-smb2 to scan SMB shares across a large range of IPs, I encountered intermittent panics with the following error:

panic: runtime error: slice bounds out of range [:48] with capacity 0

This happens when the remote SMB server closes the connection or sends a truncated/invalid packet, and the library tries to access a slice (e.g., data[40:48]) without checking its length first.
The panic typically occurs in the PacketCodec.SessionId() and PacketCodec.SetSessionId() methods, which assume the packet is always at least 48 bytes long.

How to reproduce:

• Connect to an SMB server that closes the connection abruptly or returns malformed/truncated packets.

• Call methods that parse the SMB2 header, such as SessionId() or SetSessionId().

Proposed solution:

Add a length check before accessing the slice in the internal/smb2/packet.go file:

}

func (p PacketCodec) SessionId() uint64 {
	if len(p) < 48 {
		return 0
	}
	return le.Uint64(p[40:48])
}

func (p PacketCodec) SetSessionId(u uint64) {
	if len(p) < 48 {
		return 
	}
	le.PutUint64(p[40:48], u)
}

I have tested this fix locally and it resolved the issue.

Thank you for your work on this lib! <3

[maharudragadhave-Druva]

@m0ng3sh3ll Thanks for sharing issue & analysis. I have also faced the similar issue. However, my use case was bit different.

When the client communicates with the NAS server using multiple goroutines. If several goroutines fail with an error, the SMB server returns a "credit expired" error. When this happens, the client closes the underlying TCP connection to reestablish it with an increased credit charge, which causes the panic. Because, reading from closed connection leads to truncated packet.

I have also thoroughly tested the solution.

Raised PR with the fix: #102