1 files changed, 8 insertions, 3 deletions

diff --git a/source3/nmbd/nmbd_processlogon.c b/source3/nmbd/nmbd_processlogon.c
index 9784afe9e2..bb4b7547a6 100644
--- a/source3/nmbd/nmbd_processlogon.c
+++ b/source3/nmbd/nmbd_processlogon.c
@@ -67,7 +67,7 @@ logons are not enabled.\n", inet_ntoa(p->ip) ));
   strupper(my_name);
 
   code = SVAL(buf,0);
-  DEBUG(1,("process_logon_packet: Logon from %s: code = %x\n", inet_ntoa(p->ip), code));
+  DEBUG(1,("process_logon_packet: Logon from %s: code = 0x%x\n", inet_ntoa(p->ip), code));
 
   switch (code)
   {
@@ -202,10 +202,15 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n",
       domainsidsize = IVAL(q, 0);
       q += 4;
 
-      if (domainsidsize != 0) {
+      DEBUG(3,("process_logon_packet: SAMLOGON sidsize %d, len = %d\n", domainsidsize, len));
+
+      if (domainsidsize < (len - PTR_DIFF(q, buf)) && (domainsidsize != 0)) {
 	      q += domainsidsize;
 	      q = ALIGN4(q, buf);
       }
+
+      DEBUG(3,("process_logon_packet: len = %d PTR_DIFF(q, buf) = %d\n", len, PTR_DIFF(q, buf) ));
+
       if (len - PTR_DIFF(q, buf) > 8) {
 	      /* with NT5 clients we can sometimes
 		 get additional data - a length specificed string
@@ -213,7 +218,7 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n",
 		 data (no idea what it is) */
 	      int dom_len = CVAL(q, 0);
 	      q++;
-	      if (dom_len != 0) {
+	      if (dom_len < (len - PTR_DIFF(q, buf)) && (dom_len != 0)) {
 		      q += dom_len + 1;
 	      }
 	      q += 16;