summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/libsmb/clireadwrite.c19
1 files changed, 15 insertions, 4 deletions
diff --git a/source3/libsmb/clireadwrite.c b/source3/libsmb/clireadwrite.c
index e8c901755d..79624ecbef 100644
--- a/source3/libsmb/clireadwrite.c
+++ b/source3/libsmb/clireadwrite.c
@@ -850,7 +850,7 @@ struct tevent_req *cli_write_andx_create(TALLOC_CTX *mem_ctx,
return NULL;
}
- size = MIN(size, max_write);
+ state->size = MIN(size, max_write);
vwv = state->vwv;
@@ -862,8 +862,8 @@ struct tevent_req *cli_write_andx_create(TALLOC_CTX *mem_ctx,
SIVAL(vwv+5, 0, 0);
SSVAL(vwv+7, 0, mode);
SSVAL(vwv+8, 0, 0);
- SSVAL(vwv+9, 0, (size>>16));
- SSVAL(vwv+10, 0, size);
+ SSVAL(vwv+9, 0, (state->size>>16));
+ SSVAL(vwv+10, 0, state->size);
SSVAL(vwv+11, 0,
cli_smb_wct_ofs(reqs_before, num_reqs_before)
@@ -933,7 +933,18 @@ static void cli_write_andx_done(struct tevent_req *subreq)
return;
}
state->written = SVAL(vwv+2, 0);
- state->written |= SVAL(vwv+4, 0)<<16;
+ if (state->size > UINT16_MAX) {
+ /*
+ * It is important that we only set the
+ * high bits only if we asked for a large write.
+ *
+ * OS/2 print shares get this wrong and may send
+ * invalid values.
+ *
+ * See bug #5326.
+ */
+ state->written |= SVAL(vwv+4, 0)<<16;
+ }
tevent_req_done(req);
}