summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/libsmb/async_smb.c15
1 files changed, 14 insertions, 1 deletions
diff --git a/source3/libsmb/async_smb.c b/source3/libsmb/async_smb.c
index 52bfc75009..82a919455a 100644
--- a/source3/libsmb/async_smb.c
+++ b/source3/libsmb/async_smb.c
@@ -552,6 +552,7 @@ bool cli_chain_cork(struct cli_state *cli, struct event_context *ev,
void cli_chain_uncork(struct cli_state *cli)
{
struct cli_request *req = cli->chain_accumulator;
+ size_t smblen;
SMB_ASSERT(req != NULL);
@@ -561,7 +562,19 @@ void cli_chain_uncork(struct cli_state *cli)
cli->chain_accumulator = NULL;
SSVAL(req->outbuf, smb_mid, req->mid);
- smb_setlen((char *)req->outbuf, talloc_get_size(req->outbuf) - 4);
+
+ smblen = talloc_get_size(req->outbuf) - 4;
+
+ smb_setlen((char *)req->outbuf, smblen);
+
+ if (smblen > 0x1ffff) {
+ /*
+ * This is a POSIX 14 word large write. Overwrite just the
+ * size field, the '0xFFSMB' has been set by smb_setlen which
+ * _smb_setlen_large does not do.
+ */
+ _smb_setlen_large(((char *)req->outbuf), smblen);
+ }
cli_calculate_sign_mac(cli, (char *)req->outbuf);