diff options
| -rw-r--r-- | source3/libsmb/async_smb.c | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/source3/libsmb/async_smb.c b/source3/libsmb/async_smb.c index 52bfc75009..82a919455a 100644 --- a/source3/libsmb/async_smb.c +++ b/source3/libsmb/async_smb.c @@ -552,6 +552,7 @@ bool cli_chain_cork(struct cli_state *cli, struct event_context *ev, void cli_chain_uncork(struct cli_state *cli) { struct cli_request *req = cli->chain_accumulator; + size_t smblen; SMB_ASSERT(req != NULL); @@ -561,7 +562,19 @@ void cli_chain_uncork(struct cli_state *cli) cli->chain_accumulator = NULL; SSVAL(req->outbuf, smb_mid, req->mid); - smb_setlen((char *)req->outbuf, talloc_get_size(req->outbuf) - 4); + + smblen = talloc_get_size(req->outbuf) - 4; + + smb_setlen((char *)req->outbuf, smblen); + + if (smblen > 0x1ffff) { + /* + * This is a POSIX 14 word large write. Overwrite just the + * size field, the '0xFFSMB' has been set by smb_setlen which + * _smb_setlen_large does not do. + */ + _smb_setlen_large(((char *)req->outbuf), smblen); + } cli_calculate_sign_mac(cli, (char *)req->outbuf); |