DCE/RPC frag fix + Cert class fixes (#4786)

* Fix broken behavior of IOCTL with fragmented DCE/RPC

* Fix broken export() function in Cert/Key

Author: gpotter2

scapy/layers/smbclient.py

@@ -1044,17 +1044,18 @@ def send(self, x):
             if SMB2_IOCTL_Response not in resp:
                 raise ValueError("Failed reading IOCTL_Response ! %s" % resp.NTStatus)
             data = bytes(resp.Output)
+            super(SMB_RPC_SOCKET, self).send(data)
             # Handle BUFFER_OVERFLOW (big DCE/RPC response)
-            while resp.NTStatus == "STATUS_BUFFER_OVERFLOW":
+            while resp.NTStatus == "STATUS_BUFFER_OVERFLOW" or data[3] & 2 != 2:
                 # Retrieve DCE/RPC full size
                 resp = self.ins.sr1(
                     SMB2_Read_Request(
                         FileId=self.PipeFileId,
                     ),
                     verbose=0,
                 )
-                data += resp.Data
-            super(SMB_RPC_SOCKET, self).send(data)
+                data = resp.Data
+                super(SMB_RPC_SOCKET, self).send(data)
         else:
             # Use WriteRequest/ReadRequest
             pkt = SMB2_Write_Request(

scapy/layers/tls/cert.py

@@ -284,15 +284,20 @@ def public_numbers(self, *args, **kwargs):
     def key_size(self):
         return self.pubkey.key_size
 
-    def export(self, filename, fmt="DER"):
+    def export(self, filename, fmt=None):
         """
         Export public key in 'fmt' format (DER or PEM) to file 'filename'
         """
+        if fmt is None:
+            if filename.endswith(".pem"):
+                fmt = "PEM"
+            else:
+                fmt = "DER"
         with open(filename, "wb") as f:
             if fmt == "DER":
-                f.write(self.der)
+                return f.write(self.der)
             elif fmt == "PEM":
-                f.write(self.pem)
+                return f.write(self.pem.encode())
 
 
 class PubKeyRSA(PubKey, _EncryptAndVerifyRSA):
@@ -544,15 +549,20 @@ def der(self):
             encryption_algorithm=serialization.NoEncryption()
         )
 
-    def export(self, filename, fmt="DER"):
+    def export(self, filename, fmt=None):
         """
         Export private key in 'fmt' format (DER or PEM) to file 'filename'
         """
+        if fmt is None:
+            if filename.endswith(".pem"):
+                fmt = "PEM"
+            else:
+                fmt = "DER"
         with open(filename, "wb") as f:
             if fmt == "DER":
-                f.write(self.der)
+                return f.write(self.der)
             elif fmt == "PEM":
-                f.write(self.pem)
+                return f.write(self.pem.encode())
 
 
 class PrivKeyRSA(PrivKey, _DecryptAndSignRSA):
@@ -826,6 +836,12 @@ def setSubjectPublicKeyFromPrivateKey(self, key):
         else:
             raise ValueError("Unknown type 'key', should be PubKey or PrivKey")
 
+    def resignWith(self, key):
+        """
+        Resign a certificate with a specific key
+        """
+        self.import_from_asn1pkt(key.resignCert(self))
+
     def remainingDays(self, now=None):
         """
         Based on the value of notAfter field, returns the number of
@@ -896,15 +912,20 @@ def pem(self):
     def der(self):
         return bytes(self.x509Cert)
 
-    def export(self, filename, fmt="DER"):
+    def export(self, filename, fmt=None):
         """
         Export certificate in 'fmt' format (DER or PEM) to file 'filename'
         """
+        if fmt is None:
+            if filename.endswith(".pem"):
+                fmt = "PEM"
+            else:
+                fmt = "DER"
         with open(filename, "wb") as f:
             if fmt == "DER":
-                f.write(self.der)
+                return f.write(self.der)
             elif fmt == "PEM":
-                f.write(self.pem)
+                return f.write(self.pem.encode())
 
     def show(self):
         print("Serial: %s" % self.serial)