From 1111d46cc52e868cf4894909b71f1574196e2887 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 13 Mar 2013 15:23:52 -0700 Subject: libcli/smb: smb1cli_inbuf_parse_chain() and smb1cli_conn_dispatch_incoming() should use smb_len_tcp. They have to cope with large READX call replies that have a length greater than smb_len_nbt() can handle. Signed-off-by: Jeremy Allison Reviewed-by: Stefan Metzmacher --- libcli/smb/smbXcli_base.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c index cd995e9f85..5a5828acc7 100644 --- a/libcli/smb/smbXcli_base.c +++ b/libcli/smb/smbXcli_base.c @@ -1618,7 +1618,7 @@ static NTSTATUS smb1cli_inbuf_parse_chain(uint8_t *buf, TALLOC_CTX *mem_ctx, NTSTATUS status; size_t min_size = MIN_SMB_SIZE; - buflen = smb_len_nbt(buf); + buflen = smb_len_tcp(buf); taken = 0; hdr = buf + NBT_HDR_SIZE; @@ -1845,7 +1845,7 @@ static NTSTATUS smb1cli_conn_dispatch_incoming(struct smbXcli_conn *conn, uint16_t mid; bool oplock_break; uint8_t *inhdr = inbuf + NBT_HDR_SIZE; - size_t len = smb_len_nbt(inbuf); + size_t len = smb_len_tcp(inbuf); struct iovec *iov = NULL; int num_iov = 0; struct tevent_req **chain = NULL; -- cgit