From 1111d46cc52e868cf4894909b71f1574196e2887 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Wed, 13 Mar 2013 15:23:52 -0700
Subject: libcli/smb: smb1cli_inbuf_parse_chain() and
 smb1cli_conn_dispatch_incoming() should use smb_len_tcp.

They have to cope with large READX call replies that have
a length greater than smb_len_nbt() can handle.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
---
 libcli/smb/smbXcli_base.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'libcli/smb')

diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index cd995e9f85..5a5828acc7 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -1618,7 +1618,7 @@ static NTSTATUS smb1cli_inbuf_parse_chain(uint8_t *buf, TALLOC_CTX *mem_ctx,
 	NTSTATUS status;
 	size_t min_size = MIN_SMB_SIZE;
 
-	buflen = smb_len_nbt(buf);
+	buflen = smb_len_tcp(buf);
 	taken = 0;
 
 	hdr = buf + NBT_HDR_SIZE;
@@ -1845,7 +1845,7 @@ static NTSTATUS smb1cli_conn_dispatch_incoming(struct smbXcli_conn *conn,
 	uint16_t mid;
 	bool oplock_break;
 	uint8_t *inhdr = inbuf + NBT_HDR_SIZE;
-	size_t len = smb_len_nbt(inbuf);
+	size_t len = smb_len_tcp(inbuf);
 	struct iovec *iov = NULL;
 	int num_iov = 0;
 	struct tevent_req **chain = NULL;
-- 
cgit