From 9e3453459c9166e71f483d67c04be2e49da6c561 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Wed, 15 Dec 2004 01:25:24 +0000
Subject: r4212: Ensure we only look at the bottom bit of large_readx. Set the
 14 word version of write if size > 0xffff as well as 64-bit offset. Jeremy.
 (This used to be commit 94779ccb39560bf5eecab77d70f1fa04bfcf1456)

---
 source3/libsmb/clireadwrite.c | 11 ++++++-----
 source3/smbd/reply.c          |  4 +++-
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/source3/libsmb/clireadwrite.c b/source3/libsmb/clireadwrite.c
index 1785905ff2e..9e52ed35949 100644
--- a/source3/libsmb/clireadwrite.c
+++ b/source3/libsmb/clireadwrite.c
@@ -259,7 +259,7 @@ static BOOL cli_issue_write(struct cli_state *cli, int fnum, off_t offset,
 			    size_t size, int i)
 {
 	char *p;
-	BOOL bigoffset = False;
+	BOOL large_writex = False;
 
 	if (size > cli->bufsize) {
 		cli->outbuf = SMB_REALLOC(cli->outbuf, size + 1024);
@@ -272,10 +272,11 @@ static BOOL cli_issue_write(struct cli_state *cli, int fnum, off_t offset,
 	memset(cli->outbuf,'\0',smb_size);
 	memset(cli->inbuf,'\0',smb_size);
 
-	if ((SMB_BIG_UINT)offset >> 32) 
-		bigoffset = True;
+	if (((SMB_BIG_UINT)offset >> 32) || (size > 0xFFFF)) {
+		large_writex = True;
+	}
 
-	if (bigoffset)
+	if (large_writex)
 		set_message(cli->outbuf,14,0,True);
 	else
 		set_message(cli->outbuf,12,0,True);
@@ -303,7 +304,7 @@ static BOOL cli_issue_write(struct cli_state *cli, int fnum, off_t offset,
 	SSVAL(cli->outbuf,smb_vwv11,
 	      smb_buf(cli->outbuf) - smb_base(cli->outbuf));
 
-	if (bigoffset)
+	if (large_writex)
 		SIVAL(cli->outbuf,smb_vwv12,(offset>>32) & 0xffffffff);
 	
 	p = smb_base(cli->outbuf) + SVAL(cli->outbuf,smb_vwv11);
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index eead0bc1a14..22cbf45e21c 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -2239,7 +2239,9 @@ int reply_read_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt
 	set_message(outbuf,12,0,True);
 
 	if (global_client_caps & CAP_LARGE_READX) {
-		smb_maxcnt |= ((((size_t)SVAL(inbuf,smb_vwv7)) & 1 )<<16);
+		if (SVAL(inbuf,smb_vwv7) == 1) {
+			smb_maxcnt |= (1<<16);
+		}
 		if (smb_maxcnt > BUFFER_SIZE) {
 			DEBUG(0,("reply_read_and_X - read too large (%u) for reply buffer %u\n",
 				(unsigned int)smb_maxcnt, (unsigned int)BUFFER_SIZE));
-- 
cgit