s3:smbd: use SMB_BUFFER_SIZE_MIN/MAX to limit lp_max_xmit()

The current limit of 128*1024 causes problems as the value has to be
<= UINT16_MAX otherwise some clients get confused, as they want to
use the MaxBufferSize value from the negprot response (uint32_t)
for the MaxBufferSize value in thet session setup request (uint16_t).
E.g. Windows 7 (as client) sends MaxBufferSize = 0 if the server value
is > UINT16_MAX.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10422
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index 41b3611f306211b91ff428428d37605ba4b017b7..938ee4ca490929b4143561a0472e1282967f6938 100644 (file)
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -3396,6 +3396,7 @@ void smbd_process(struct tevent_context *ev_ctx,
        const char *remaddr = NULL;
        char *rhost;
        int ret;
+       int tmp;
 
        conn = talloc_zero(ev_ctx, struct smbXsrv_connection);
        if (conn == NULL) {
@@ -3692,7 +3693,11 @@ void smbd_process(struct tevent_context *ev_ctx,
 
        sconn->nbt.got_session = false;
 
-       sconn->smb1.negprot.max_recv = MIN(lp_max_xmit(),BUFFER_SIZE);
+       tmp = lp_max_xmit();
+       tmp = MAX(tmp, SMB_BUFFER_SIZE_MIN);
+       tmp = MIN(tmp, SMB_BUFFER_SIZE_MAX);
+
+       sconn->smb1.negprot.max_recv = tmp;
 
        sconn->smb1.sessions.done_sesssetup = false;
        sconn->smb1.sessions.max_send = BUFFER_SIZE;