Fix bug reported by David Eisner <deisner@gmail.com>. When allocating cli

buffers for large read/write - make sure we take account of the large
read/write SMB headers as well as the buffer space.
Jeremy.

diff --git a/source/libsmb/cliconnect.c b/source/libsmb/cliconnect.c
index 3b97beb225a094a881481fee902288cfe8bfbe1e..632d91013e7b10a9b19cfe4f35a9e6473f757e79 100644 (file)
--- a/source/libsmb/cliconnect.c
+++ b/source/libsmb/cliconnect.c
@@ -1353,9 +1353,9 @@ bool cli_negprot(struct cli_state *cli)
                if (cli->capabilities & (CAP_LARGE_READX|CAP_LARGE_WRITEX)) {
                        SAFE_FREE(cli->outbuf);
                        SAFE_FREE(cli->inbuf);
-                       cli->outbuf = (char *)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+SAFETY_MARGIN);
-                       cli->inbuf = (char *)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+SAFETY_MARGIN);
-                       cli->bufsize = CLI_SAMBA_MAX_LARGE_READX_SIZE;
+                       cli->outbuf = (char *)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+LARGE_WRITEX_HDR_SIZE+SAFETY_MARGIN);
+                       cli->inbuf = (char *)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+LARGE_WRITEX_HDR_SIZE+SAFETY_MARGIN);
+                       cli->bufsize = CLI_SAMBA_MAX_LARGE_READX_SIZE + LARGE_WRITEX_HDR_SIZE;
                }
 
        } else if (cli->protocol >= PROTOCOL_LANMAN1) {