Fix bug #8686 - Packet validation checks can be done before length validation causing...

author Volker Lendecke <Volker.Lendecke@SerNet.DE>

Wed, 4 Jan 2012 19:09:54 +0000 (11:09 -0800)

committer Karolin Seeger <kseeger@samba.org>

Mon, 5 Mar 2012 19:55:01 +0000 (20:55 +0100)
author Volker Lendecke <Volker.Lendecke@SerNet.DE>
Wed, 4 Jan 2012 19:09:54 +0000 (11:09 -0800)
committer Karolin Seeger <kseeger@samba.org>
Mon, 5 Mar 2012 19:55:01 +0000 (20:55 +0100)
diff --git a/source3/smbd/process.c b/source3/smbd/process.c

index 634af0099346a9fe0e9b3b6bfc67d5d6871cece3..cb8600a83665d761fe12eaa2775f06c3664a252b 100644 (file)
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -1273,8 +1273,8 @@ static connection_struct *switch_message(uint8 type, struct smb_request *req, in
  
         /* Make sure this is an SMB packet. smb_size contains NetBIOS header
          * so subtract 4 from it. */
-       if (!valid_smb_header(req->inbuf)
-           || (size < (smb_size - 4))) {
+       if ((size < (smb_size - 4)) ||
+           !valid_smb_header(req->inbuf)) {
                 DEBUG(2,("Non-SMB packet of length %d. Terminating server\n",
                          smb_len(req->inbuf)));
                 exit_server_cleanly("Non-SMB packet");
author	Volker Lendecke <Volker.Lendecke@SerNet.DE>
	Wed, 4 Jan 2012 19:09:54 +0000 (11:09 -0800)
committer	Karolin Seeger <kseeger@samba.org>
	Mon, 5 Mar 2012 19:55:01 +0000 (20:55 +0100)