Created attachment 16134 [details] Patch to exclude NetBIOS header allowance There are checks on the request size in both reply_lockread_locked() and reply_read() which attempt to limit the amount read to the smaller of the request and the negotiated SMB1 session max_send value less headers. However, the calculation uses smb_read (=39) which includes a 4 byte NetBIOS header, while the negotiated max_send value is independent of whether it's wrapped in NetBIOS or not. This means that any client which does the calculation at their end gets replies which are 4 bytes too short. Attached patch changes this to use MIN_SMB_SIZE (=35) instead.