From ac647d03ac271b0a81b6c8041e2c6b84ada13aca Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl@samba.org>
Date: Sun, 19 Oct 2008 13:44:11 +0200
Subject: Move the global hosts_allow() check out of the processing loop

---
 source3/smbd/process.c | 41 ++++++++++++++++++++++-------------------
 1 file changed, 22 insertions(+), 19 deletions(-)

diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index ceffd6f46c..7b0d14968a 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -1534,25 +1534,6 @@ static void process_smb(char *inbuf, size_t nread, size_t unread_bytes, bool enc
 
 	DO_PROFILE_INC(smb_count);
 
-	if (trans_num == 0) {
-		char addr[INET6_ADDRSTRLEN];
-
-		/* on the first packet, check the global hosts allow/ hosts
-		deny parameters before doing any parsing of the packet
-		passed to us by the client.  This prevents attacks on our
-		parsing code from hosts not in the hosts allow list */
-
-		if (!check_access(smbd_server_fd(), lp_hostsallow(-1),
-				  lp_hostsdeny(-1))) {
-			/* send a negative session response "not listening on calling name" */
-			static unsigned char buf[5] = {0x83, 0, 0, 1, 0x81};
-			DEBUG( 1, ( "Connection denied from %s\n",
-				client_addr(get_client_fd(),addr,sizeof(addr)) ) );
-			(void)srv_send_smb(smbd_server_fd(),(char *)buf,false);
-			exit_server_cleanly("connection denied");
-		}
-	}
-
 	DEBUG( 6, ( "got message type 0x%x of len 0x%x\n", msg_type,
 		    smb_len(inbuf) ) );
 	DEBUG( 3, ( "Transaction %d of length %d (%u toread)\n", trans_num,
@@ -1893,6 +1874,28 @@ void smbd_process(void)
 	unsigned int num_smbs = 0;
 	size_t unread_bytes = 0;
 
+	char addr[INET6_ADDRSTRLEN];
+
+	/*
+	 * Before the first packet, check the global hosts allow/ hosts deny
+	 * parameters before doing any parsing of packets passed to us by the
+	 * client. This prevents attacks on our parsing code from hosts not in
+	 * the hosts allow list.
+	 */
+
+	if (!check_access(smbd_server_fd(), lp_hostsallow(-1),
+			  lp_hostsdeny(-1))) {
+		/*
+		 * send a negative session response "not listening on calling
+		 * name"
+		 */
+		unsigned char buf[5] = {0x83, 0, 0, 1, 0x81};
+		DEBUG( 1, ("Connection denied from %s\n",
+			   client_addr(get_client_fd(),addr,sizeof(addr)) ) );
+		(void)srv_send_smb(smbd_server_fd(),(char *)buf,false);
+		exit_server_cleanly("connection denied");
+	}
+
 	max_recv = MIN(lp_maxxmit(),BUFFER_SIZE);
 
 	while (True) {
-- 
cgit