From 39977a869beaca27cf081744671a97faae6d5e29 Mon Sep 17 00:00:00 2001
From: Volker Lendecke
Date: Thu, 22 Nov 2012 21:46:53 +0100
Subject: [PATCH] Fix Bug 9422 - large read requests cause server to issue malformed reply
---
 source3/lib/util.c | 2 +-
 source3/smbd/process.c | 5 +++--
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/source3/lib/util.c b/source3/lib/util.c
index d751c5b..23bb11c 100644
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -383,7 +383,7 @@ void smb_set_enclen(char *buf,int len,uint16 enc_ctx_num)
 void smb_setlen(char *buf,int len)
 {
- _smb_setlen(buf,len);
+ _smb_setlen_large(buf,len);
 SCVAL(buf,4,0xFF);
 SCVAL(buf,5,'S');
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index 5aa19cb..358d051 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -151,7 +151,7 @@ bool srv_send_smb(struct smbd_server_connection *sconn, char *buffer,
 }
 }
- len = smb_len(buf_out) + 4;
+ len = smb_len_large(buf_out) + 4;
 ret = write_data(sconn->sock, buf_out+nwritten, len - nwritten);
 if (ret <= 0) {
@@ -2030,7 +2030,8 @@ void chain_reply(struct smb_request *req)
 * example).
 */
 req->chain_outbuf = TALLOC_REALLOC_ARRAY(
- req, req->outbuf, uint8_t, smb_len(req->outbuf) + 4);
+ req, req->outbuf, uint8_t,
+ smb_len_large(req->outbuf) + 4);
 if (req->chain_outbuf == NULL) {
 smb_panic("talloc failed");
 }
--
1.7.9.5
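Review bot: In source3/lib/util.c, smb_setlen() still hands its signed `int len` to the length macro with no range check, so a negative or oversized value would be stored in the header as a truncated length. Switching to `_smb_setlen_large` widens the field (presumably to the full 24 bits of the length prefix; the macro body is not shown here), but a value beyond that width would again give a reply whose header disagrees with the bytes that follow, which is the class of malformed reply this patch is fixing. Consider rejecting such values before encoding, e.g. `if (len < 0 || len > 0xFFFFFF) { smb_panic("smb_setlen: length out of range"); }`, with the bound adjusted to whatever the macro really stores. The body of smb_setlen() continues past the end of the hunk.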
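Review bot: In srv_send_smb() (source3/smbd/process.c, first hunk) the byte count given to write_data() comes only from the header through `smb_len_large(buf_out) + 4`, and nothing visible in the hunk ties it to the real size of buf_out. With the wider macro a stale or wrong header can describe a much larger length than before, and an over-long value would send memory past the end of the reply buffer to the client. A comment stating the invariant would help the next reader, e.g. `/* The length prefix is the only bound on this write; it must match the actual size of buf_out. */`. The declaration of `len` is outside the hunk and should be confirmed wide enough for the larger value plus 4; the function starts and ends outside the hunk.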
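Review bot: In chain_reply() the realloc size is taken from the header of req->outbuf, so if that header ever claims more than was allocated the array is grown and the new tail holds uninitialised heap bytes that later count as reply data. The comment above the call only covers the over-allocated case, where the realloc shrinks the buffer. Since outbuf is a talloc array here, the assumption can be checked cheaply before the realloc, e.g. `SMB_ASSERT(talloc_get_size(req->outbuf) >= smb_len_large(req->outbuf) + 4);`. The remainder of chain_reply() is outside the hunk, so any later length reads there that still use `smb_len()` should be checked for agreement with the size allocated here.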