Merge SMB signing, cli buffer clobber and NTLMSSP signing tweaks from HEAD.

(This used to be commit c6c4f69b8ddc500890a65829e1b9fb7a3e9839e9)

1 files changed, 8 insertions, 7 deletions

diff --git a/source3/libsmb/smb_signing.c b/source3/libsmb/smb_signing.c
index 9b473fa736..4e9b895a1b 100644
--- a/source3/libsmb/smb_signing.c
+++ b/source3/libsmb/smb_signing.c
@@ -160,11 +160,6 @@ static BOOL cli_simple_check_incoming_message(struct cli_state *cli)
 	SIVAL(sequence_buf, 0, data->reply_seq_num);
 	SIVAL(sequence_buf, 4, 0);
 
-	if (smb_len(cli->inbuf) < (offset_end_of_sig - 4)) {
-		DEBUG(1, ("Can't check signature on short packet! smb_len = %u\n", smb_len(cli->inbuf)));
-		return False;
-	}
-
 	/* get a copy of the server-sent mac */
 	memcpy(server_sent_mac, &cli->inbuf[smb_ss_field], sizeof(server_sent_mac));
 	
@@ -460,8 +455,14 @@ void cli_caclulate_sign_mac(struct cli_state *cli)
 BOOL cli_check_sign_mac(struct cli_state *cli) 
 {
 	BOOL good;
-	good = cli->sign_info.check_incoming_message(cli);
-	
+
+	if (smb_len(cli->inbuf) < (smb_ss_field + 8 - 4)) {
+		DEBUG(cli->sign_info.doing_signing ? 1 : 10, ("Can't check signature on short packet! smb_len = %u\n", smb_len(cli->inbuf)));
+		good = False;
+	} else {
+		good = cli->sign_info.check_incoming_message(cli);
+	}
+
 	if (!good) {
 		if (cli->sign_info.doing_signing) {
 			return False;