diff options
Diffstat (limited to 'libcli/smb/smb2cli_ioctl.c')
-rw-r--r-- | libcli/smb/smb2cli_ioctl.c | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/libcli/smb/smb2cli_ioctl.c b/libcli/smb/smb2cli_ioctl.c index 15a990c256..8de76359a1 100644 --- a/libcli/smb/smb2cli_ioctl.c +++ b/libcli/smb/smb2cli_ioctl.c @@ -61,6 +61,8 @@ struct tevent_req *smb2cli_ioctl_send(TALLOC_CTX *mem_ctx, uint32_t output_buffer_offset = 0; uint32_t output_buffer_length = 0; uint32_t pad_length = 0; + uint64_t tmp64; + uint32_t max_dyn_len = 0; req = tevent_req_create(mem_ctx, &state, struct smb2cli_ioctl_state); @@ -70,6 +72,14 @@ struct tevent_req *smb2cli_ioctl_send(TALLOC_CTX *mem_ctx, state->max_input_length = in_max_input_length; state->max_output_length = in_max_output_length; + tmp64 = in_max_input_length; + tmp64 += in_max_output_length; + if (tmp64 > UINT32_MAX) { + max_dyn_len = UINT32_MAX; + } else { + max_dyn_len = tmp64; + } + if (in_input_buffer) { input_buffer_offset = SMB2_HDR_BODY+0x38; input_buffer_length = in_input_buffer->length; @@ -139,7 +149,8 @@ struct tevent_req *smb2cli_ioctl_send(TALLOC_CTX *mem_ctx, tcon, session, state->fixed, sizeof(state->fixed), - dyn, dyn_len); + dyn, dyn_len, + max_dyn_len); if (tevent_req_nomem(subreq, req)) { return tevent_req_post(req, ev); } |