From f50a4bab7c256222366db4b7bd06e590cb9bbec5 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 15 Mar 2013 15:13:24 -0700 Subject: [PATCH] Fix bug #9724 - is_encrypted_packet() function incorrectly used inside server. The is_encrypted_packet() function should only be used on the raw received data to determine if a packet came in encrypted. Once we're inside the SMB1 processing code in smbd/reply.c we should be looking at the smb1request->encrypted field to determine if a packet was really encrypted or not. Signed-off-by: Jeremy Allison --- source3/smbd/reply.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 06f2644..067be6a 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -3136,8 +3136,7 @@ void reply_readbraw(struct smb_request *req) START_PROFILE(SMBreadbraw); - if (srv_is_signing_active(sconn) || - is_encrypted_packet(req->inbuf)) { + if (srv_is_signing_active(sconn) || req->encrypted) { exit_server_cleanly("reply_readbraw: SMB signing/sealing is active - " "raw reads/writes are disallowed."); } @@ -3561,7 +3560,7 @@ static void send_file_readX(connection_struct *conn, struct smb_request *req, */ if (!req_is_in_chain(req) && - !is_encrypted_packet(req->inbuf) && (fsp->base_fsp == NULL) && + !req->encrypted && (fsp->base_fsp == NULL) && (fsp->wcp == NULL) && lp_use_sendfile(SNUM(conn), req->sconn->smb1.signing_state) ) { uint8 headerbuf[smb_size + 12 * 2]; @@ -3772,8 +3771,7 @@ void reply_read_and_X(struct smb_request *req) return; } /* We currently don't do this on signed or sealed data. */ - if (srv_is_signing_active(req->sconn) || - is_encrypted_packet(req->inbuf)) { + if (srv_is_signing_active(req->sconn) || req->encrypted) { reply_nterror(req, NT_STATUS_NOT_SUPPORTED); END_PROFILE(SMBreadX); return; -- 1.8.1.3