diff options
author | Volker Lendecke <Volker.Lendecke@SerNet.DE> | 2012-01-04 11:09:54 -0800 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2012-01-23 21:29:34 +0100 |
commit | cc2ba64e2182d6e8ff27e3c459574e8055356b6e (patch) | |
tree | 07811f650be5245c84fd0f702069f59b4f3b7d83 | |
parent | 9d0ef461015d52012e64ca769e71661957d5dd02 (diff) | |
download | samba-cc2ba64e2182d6e8ff27e3c459574e8055356b6e.tar.gz |
Fix bug #8686 - Packet validation checks can be done before length validation causing uninitialized memory read.
(cherry picked from commit 24ac26ddfd9ee8841d1984e710a4dfe535b9abcf)
-rw-r--r-- | source3/smbd/process.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/source3/smbd/process.c b/source3/smbd/process.c index b3704233ad8..5aa19cbee0d 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -1442,8 +1442,8 @@ static connection_struct *switch_message(uint8 type, struct smb_request *req, in /* Make sure this is an SMB packet. smb_size contains NetBIOS header * so subtract 4 from it. */ - if (!valid_smb_header(req->inbuf) - || (size < (smb_size - 4))) { + if ((size < (smb_size - 4)) || + !valid_smb_header(req->inbuf)) { DEBUG(2,("Non-SMB packet of length %d. Terminating server\n", smb_len(req->inbuf))); exit_server_cleanly("Non-SMB packet"); |