s4:smb_server: fix large read_andx requests

author Stefan Metzmacher <metze@samba.org>

Mon, 18 Mar 2013 18:50:38 +0000 (19:50 +0100)

committer Jeremy Allison <jra@samba.org>

Wed, 20 Mar 2013 16:32:26 +0000 (09:32 -0700)
author Stefan Metzmacher <metze@samba.org>
Mon, 18 Mar 2013 18:50:38 +0000 (19:50 +0100)
committer Jeremy Allison <jra@samba.org>
Wed, 20 Mar 2013 16:32:26 +0000 (09:32 -0700)
diff --git a/source4/smb_server/smb/reply.c b/source4/smb_server/smb/reply.c

index bae6b2ca79e061858c322b76db0da49d2d08663e..7ce5f5dbaa51f83bc0f6f15764409220573aa7ea 100644 (file)
--- a/source4/smb_server/smb/reply.c
+++ b/source4/smb_server/smb/reply.c
@@ -848,6 +848,7 @@ static void reply_read_and_X_send(struct ntvfs_request *ntvfs)
  void smbsrv_reply_read_and_X(struct smbsrv_request *req)
  {
         union smb_read *io;
+       uint16_t high_part = 0;
  
         /* parse request */
         if (req->in.wct != 12) {
@@ -869,13 +870,18 @@ void smbsrv_reply_read_and_X(struct smbsrv_request *req)
                 io->readx.in.read_for_execute = false;
         }
  
-       if (req->smb_conn->negotiate.client_caps & CAP_LARGE_READX) {
-               uint32_t high_part = IVAL(req->in.vwv, VWV(7));
-               if (high_part == 1) {
-                       io->readx.in.maxcnt |= high_part << 16;
-               }
+       if (req->smb_conn->negotiate.protocol == PROTOCOL_NT1) {
+               high_part = SVAL(req->in.vwv, VWV(7));
         }
-       
+       if (high_part != UINT16_MAX) {
+               io->readx.in.maxcnt |= high_part << 16;
+       }
+
+       /*
+        * Windows truncates the length to 0x10000
+        */
+       io->readx.in.maxcnt = MIN(io->readx.in.maxcnt, 0x10000);
+
         /* the 64 bit variant */
         if (req->in.wct == 12) {
                 uint32_t offset_high = IVAL(req->in.vwv, VWV(10));
author	Stefan Metzmacher <metze@samba.org>
	Mon, 18 Mar 2013 18:50:38 +0000 (19:50 +0100)
committer	Jeremy Allison <jra@samba.org>
	Wed, 20 Mar 2013 16:32:26 +0000 (09:32 -0700)