From: Volker Lendecke <vl@samba.org>
Date: Fri, 19 Dec 2008 17:15:30 +0000 (+0100)
Subject: Fix setting smb_len for huge write&x calls
X-Git-Tag: samba-4.0.0alpha6~463^2~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ae1d6020f0a6565959287c229fb7ecd7f5f40231;p=thirdparty%2Fsamba.git

Fix setting smb_len for huge write&x calls
---

diff --git a/source3/libsmb/async_smb.c b/source3/libsmb/async_smb.c
index 52bfc750092..82a919455a5 100644
--- a/source3/libsmb/async_smb.c
+++ b/source3/libsmb/async_smb.c
@@ -552,6 +552,7 @@ bool cli_chain_cork(struct cli_state *cli, struct event_context *ev,
 void cli_chain_uncork(struct cli_state *cli)
 {
 	struct cli_request *req = cli->chain_accumulator;
+	size_t smblen;
 
 	SMB_ASSERT(req != NULL);
 
@@ -561,7 +562,19 @@ void cli_chain_uncork(struct cli_state *cli)
 	cli->chain_accumulator = NULL;
 
 	SSVAL(req->outbuf, smb_mid, req->mid);
-	smb_setlen((char *)req->outbuf, talloc_get_size(req->outbuf) - 4);
+
+	smblen = talloc_get_size(req->outbuf) - 4;
+
+	smb_setlen((char *)req->outbuf, smblen);
+
+	if (smblen > 0x1ffff) {
+		/*
+		 * This is a POSIX 14 word large write. Overwrite just the
+		 * size field, the '0xFFSMB' has been set by smb_setlen which
+		 * _smb_setlen_large does not do.
+		 */
+		_smb_setlen_large(((char *)req->outbuf), smblen);
+	}
 
 	cli_calculate_sign_mac(cli, (char *)req->outbuf);