From b9c1a86c169d22c3eb26308e458cd3c6e00b3ea1 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Fri, 15 Mar 2013 15:05:31 -0700
Subject: [PATCH] Fix bug #9724 - is_encrypted_packet() function incorrectly
 used inside server.

The is_encrypted_packet() function should only be used on the raw received data
to determine if a packet came in encrypted. Once we're inside the SMB1
processing code in smbd/reply.c we should be looking at the
smb1request->encrypted field to determine if a packet was really encrypted or
not.

Signed-off-by: Jeremy Allison <jra@samba.org>
---
 source3/smbd/reply.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index e35d043..ae89063 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -3294,8 +3294,7 @@ void reply_readbraw(struct smb_request *req)
 
 	START_PROFILE(SMBreadbraw);
 
-	if (srv_is_signing_active(sconn) ||
-	    is_encrypted_packet(sconn, req->inbuf)) {
+	if (srv_is_signing_active(sconn) || req->encrypted) {
 		exit_server_cleanly("reply_readbraw: SMB signing/sealing is active - "
 			"raw reads/writes are disallowed.");
 	}
@@ -3698,7 +3697,7 @@ static void send_file_readX(connection_struct *conn, struct smb_request *req,
 	 */
 
 	if (!req_is_in_chain(req) &&
-	    !is_encrypted_packet(req->sconn, req->inbuf) &&
+	    !req->encrypted &&
 	    (fsp->base_fsp == NULL) &&
 	    (fsp->wcp == NULL) &&
 	    lp_use_sendfile(SNUM(conn), req->sconn->smb1.signing_state) ) {
-- 
1.8.1.3