From 952367c3764e1ee0b8aaae5fcf0fa41c11519c83 Mon Sep 17 00:00:00 2001
From: Volker Lendecke
Date: Wed, 4 Jan 2012 11:09:54 -0800
Subject: [PATCH] Fix bug #8686 - Packet validation checks can be done before length validation causing uninitialized memory read.
---
 source3/smbd/process.c | 4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index b370423..5aa19cb 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -1442,8 +1442,8 @@ static connection_struct *switch_message(uint8 type, struct smb_request *req, in
 /* Make sure this is an SMB packet. smb_size contains NetBIOS header
 * so subtract 4 from it. */
- if (!valid_smb_header(req->inbuf)
- || (size < (smb_size - 4))) {
+ if ((size < (smb_size - 4)) ||
+ !valid_smb_header(req->inbuf)) {
 DEBUG(2,("Non-SMB packet of length %d. Terminating server\n",
 smb_len(req->inbuf)));
 exit_server_cleanly("Non-SMB packet");
-- 
1.7.3.1
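Review bot: The order of the two operands in the new `if` is now what keeps `valid_smb_header()` from reading bytes that were never received, but the comment above it still only explains the `- 4`. A later tidy-up could swap the operands back without noticing, so I would extend the comment with something like `/* The length check must stay first: valid_smb_header() reads header bytes that a short packet does not contain. */`. Separately, the failure path still reads the length through `smb_len(req->inbuf)` for the log message, so it reports a peer-supplied field rather than the `size` the check actually rejected. Whether the two can differ is not visible in this hunk, but logging `size` would avoid touching the buffer again on the short-packet path. The body of `switch_message` starts and ends outside the hunk, so this is based only on the lines shown.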