Created attachment 16134 [details] Patch to exclude NetBIOS header allowance There are checks on the request size in both reply_lockread_locked() and reply_read() which attempt to limit the amount read to the smaller of the request and the negotiated SMB1 session max_send value less headers. However, the calculation uses smb_read (=39) which includes a 4 byte NetBIOS header, while the negotiated max_send value is independent of whether it's wrapped in NetBIOS or not. This means that any client which does the calculation at their end gets replies which are 4 bytes too short. Attached patch changes this to use MIN_SMB_SIZE (=35) instead.
Hi sprow, this looks good I think. Can you send in a Samba developers declaration, as detailed here: https://www.samba.org/samba/devel/copyright-policy.html It will make it much easier for us to accept this fix (we won't have to re-write it). Thanks ! Jeremy.
Developer declaration received.
This bug was referenced in samba master: 174a76cc27f25120af5a86bee3f26d9afad87d8f
Created attachment 17328 [details] git-am fix for 4.16.next, 4.15.next. Cherry-picked from master. Applies cleanly to 4.16.next, 4.15.next.
Comment on attachment 17328 [details] git-am fix for 4.16.next, 4.15.next. lgtm
reassign to Jule for inclusion in 4.16, 4.15
Pushed to autobuild-v4-{16,15}-test.
This bug was referenced in samba v4-16-test: bb60c85153b288b358d288b3ee9f4bceb1304e20
This bug was referenced in samba v4-15-test: d7ea828244830ef70ea406f7c41ce1fc7801c281
Closing out bug report. Thanks!
This bug was referenced in samba v4-16-stable (Release samba-4.16.2): bb60c85153b288b358d288b3ee9f4bceb1304e20
This bug was referenced in samba v4-15-stable (Release samba-4.15.8): d7ea828244830ef70ea406f7c41ce1fc7801c281