diff options
-rw-r--r-- | source3/libsmb/clireadwrite.c | 19 |
1 files changed, 15 insertions, 4 deletions
diff --git a/source3/libsmb/clireadwrite.c b/source3/libsmb/clireadwrite.c index e8c901755d..79624ecbef 100644 --- a/source3/libsmb/clireadwrite.c +++ b/source3/libsmb/clireadwrite.c @@ -850,7 +850,7 @@ struct tevent_req *cli_write_andx_create(TALLOC_CTX *mem_ctx, return NULL; } - size = MIN(size, max_write); + state->size = MIN(size, max_write); vwv = state->vwv; @@ -862,8 +862,8 @@ struct tevent_req *cli_write_andx_create(TALLOC_CTX *mem_ctx, SIVAL(vwv+5, 0, 0); SSVAL(vwv+7, 0, mode); SSVAL(vwv+8, 0, 0); - SSVAL(vwv+9, 0, (size>>16)); - SSVAL(vwv+10, 0, size); + SSVAL(vwv+9, 0, (state->size>>16)); + SSVAL(vwv+10, 0, state->size); SSVAL(vwv+11, 0, cli_smb_wct_ofs(reqs_before, num_reqs_before) @@ -933,7 +933,18 @@ static void cli_write_andx_done(struct tevent_req *subreq) return; } state->written = SVAL(vwv+2, 0); - state->written |= SVAL(vwv+4, 0)<<16; + if (state->size > UINT16_MAX) { + /* + * It is important that we only set the + * high bits only if we asked for a large write. + * + * OS/2 print shares get this wrong and may send + * invalid values. + * + * See bug #5326. + */ + state->written |= SVAL(vwv+4, 0)<<16; + } tevent_req_done(req); } |