From c2012ac787c05361c7fa9589bec4f7e5c6482a28 Mon Sep 17 00:00:00 2001
From: Volker Lendecke
Date: Fri, 5 Dec 2008 13:21:19 -0800
Subject: [PATCH] Fix for crash bug freeing a non-malloc'ed buffer if the client sends a non-encrypted packet with the crypto state set.

---
 source/libsmb/smb_seal.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/source/libsmb/smb_seal.c b/source/libsmb/smb_seal.c
index a81ae9afd55..795c8bc14ca 100644
--- a/source/libsmb/smb_seal.c
+++ b/source/libsmb/smb_seal.c
@@ -388,10 +388,17 @@ void common_free_encryption_state(struct smb_trans_enc_state **pp_es)
 
 void common_free_enc_buffer(struct smb_trans_enc_state *es, char *buf)
 {
+ uint16_t enc_ctx_num;
+
 if (!common_encryption_on(es)) {
 return;
 }
 
+ if (!NT_STATUS_IS_OK(get_enc_ctx_num((const uint8_t *)buf,
+ &enc_ctx_num))) {
+ return;
+ }
+
 if (es->smb_enc_type == SMB_TRANS_ENC_NTLM) {
 SAFE_FREE(buf);
 return;
-- 
2.34.1
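Review bot: The added `get_enc_ctx_num((const uint8_t *)buf, &enc_ctx_num)` call hands `buf` to a header parser before anything checks it for NULL, while the old NTLM path only reached `SAFE_FREE(buf)`, which tolerates NULL. Unless every caller guarantees a non-NULL buffer with a complete header, a guard such as `if (buf == NULL) { return; }` ahead of the call would keep the previous behaviour; the body of get_enc_ctx_num is not visible here, so this is inferred from the cast and the call. The decision to free now rests on what the header bytes look like rather than on who allocated the buffer, which is only sound if buffers reaching this function are built locally and never taken verbatim from the peer. That assumption deserves a comment above the check, for example `/* Only buffers carrying the encrypted header came from the encrypt path; anything else is not ours to free. */`, which would also explain why `enc_ctx_num` is filled in but never read. common_free_enc_buffer continues past the end of the hunk.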