summaryrefslogtreecommitdiff
path: root/libcli/smb/smb2cli_ioctl.c
diff options
context:
space:
mode:
Diffstat (limited to 'libcli/smb/smb2cli_ioctl.c')
-rw-r--r--libcli/smb/smb2cli_ioctl.c13
1 files changed, 12 insertions, 1 deletions
diff --git a/libcli/smb/smb2cli_ioctl.c b/libcli/smb/smb2cli_ioctl.c
index 15a990c256..8de76359a1 100644
--- a/libcli/smb/smb2cli_ioctl.c
+++ b/libcli/smb/smb2cli_ioctl.c
@@ -61,6 +61,8 @@ struct tevent_req *smb2cli_ioctl_send(TALLOC_CTX *mem_ctx,
uint32_t output_buffer_offset = 0;
uint32_t output_buffer_length = 0;
uint32_t pad_length = 0;
+ uint64_t tmp64;
+ uint32_t max_dyn_len = 0;
req = tevent_req_create(mem_ctx, &state,
struct smb2cli_ioctl_state);
@@ -70,6 +72,14 @@ struct tevent_req *smb2cli_ioctl_send(TALLOC_CTX *mem_ctx,
state->max_input_length = in_max_input_length;
state->max_output_length = in_max_output_length;
+ tmp64 = in_max_input_length;
+ tmp64 += in_max_output_length;
+ if (tmp64 > UINT32_MAX) {
+ max_dyn_len = UINT32_MAX;
+ } else {
+ max_dyn_len = tmp64;
+ }
+
if (in_input_buffer) {
input_buffer_offset = SMB2_HDR_BODY+0x38;
input_buffer_length = in_input_buffer->length;
@@ -139,7 +149,8 @@ struct tevent_req *smb2cli_ioctl_send(TALLOC_CTX *mem_ctx,
tcon,
session,
state->fixed, sizeof(state->fixed),
- dyn, dyn_len);
+ dyn, dyn_len,
+ max_dyn_len);
if (tevent_req_nomem(subreq, req)) {
return tevent_req_post(req, ev);
}
generated by cgit (git 2.34.1) at 2024-05-18 17:10:15 +0000