summaryrefslogtreecommitdiff
path: root/source4/smb_server
diff options
context:
space:
mode:
Diffstat (limited to 'source4/smb_server')
-rw-r--r--source4/smb_server/smb/reply.c18
1 files changed, 12 insertions, 6 deletions
diff --git a/source4/smb_server/smb/reply.c b/source4/smb_server/smb/reply.c
index bae6b2ca79..7ce5f5dbaa 100644
--- a/source4/smb_server/smb/reply.c
+++ b/source4/smb_server/smb/reply.c
@@ -848,6 +848,7 @@ static void reply_read_and_X_send(struct ntvfs_request *ntvfs)
void smbsrv_reply_read_and_X(struct smbsrv_request *req)
{
union smb_read *io;
+ uint16_t high_part = 0;
/* parse request */
if (req->in.wct != 12) {
@@ -869,13 +870,18 @@ void smbsrv_reply_read_and_X(struct smbsrv_request *req)
io->readx.in.read_for_execute = false;
}
- if (req->smb_conn->negotiate.client_caps & CAP_LARGE_READX) {
- uint32_t high_part = IVAL(req->in.vwv, VWV(7));
- if (high_part == 1) {
- io->readx.in.maxcnt |= high_part << 16;
- }
+ if (req->smb_conn->negotiate.protocol == PROTOCOL_NT1) {
+ high_part = SVAL(req->in.vwv, VWV(7));
}
-
+ if (high_part != UINT16_MAX) {
+ io->readx.in.maxcnt |= high_part << 16;
+ }
+
+ /*
+ * Windows truncates the length to 0x10000
+ */
+ io->readx.in.maxcnt = MIN(io->readx.in.maxcnt, 0x10000);
+
/* the 64 bit variant */
if (req->in.wct == 12) {
uint32_t offset_high = IVAL(req->in.vwv, VWV(10));