From 19ca98a162050807ad96b3a3f1f8e1982c7d2c3e Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Thu, 16 Aug 2012 15:08:40 +0200
Subject: s3:smb2_server: verify the signature before the session_status

metze
---
 source3/smbd/smb2_server.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index 5c757c02e0..027334ce13 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -1789,9 +1789,6 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
 
 		signing_key = x->global->channels[0].signing_key;
 
-		if (!NT_STATUS_IS_OK(session_status)) {
-			return smbd_smb2_request_error(req, session_status);
-		}
 
 		req->do_signing = true;
 		status = smb2_signing_check_pdu(signing_key,
@@ -1801,6 +1798,10 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req)
 		if (!NT_STATUS_IS_OK(status)) {
 			return smbd_smb2_request_error(req, status);
 		}
+
+		if (!NT_STATUS_IS_OK(session_status)) {
+			return smbd_smb2_request_error(req, session_status);
+		}
 	} else if (opcode == SMB2_OP_CANCEL) {
 		/* Cancel requests are allowed to skip the signing */
 	} else if (signing_required) {
-- 
cgit