Created attachment 16134
Patch to exclude NetBIOS header allowance
There are checks on the request size in both reply_lockread_locked() and reply_read() which attempt to limit the amount read to the smaller of the request and the negotiated SMB1 session max_send value less headers.
However, the calculation uses smb_read (=39) which includes a 4-byte NetBIOS header, while the negotiated max_send value is independent of whether it's wrapped in NetBIOS or not.
This means that any client which does the calculation at their end gets replies which are 4 bytes too short.
Attached patch changes this to use MIN_SMB_SIZE (=35) instead.