From 12068d4aaca0579b58bbb121df4d1e947f8ea032 Mon Sep 17 00:00:00 2001
From: Volker Lendecke
Date: Wed, 29 Feb 2012 23:44:36 +0100
Subject: [PATCH] s3: Fix the read&x offset within a chain
---
 source3/smbd/process.c | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index 8fb45123ada..c163212bc0d 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -1978,6 +1978,38 @@ static bool smb_splice_chain(uint8_t **poutbuf, const uint8_t *andx_buf)
 */
 
 memcpy(outbuf + ofs, vwv, sizeof(uint16_t) * wct);
+
+ /*
+ * HACK ALERT
+ *
+ * Read&X has an offset into its data buffer at
+ * vwv[6]. reply_read_andx has no idea anymore that it's
+ * running from within a chain, so we have to fix up the
+ * offset here.
+ *
+ * Although it looks disgusting at this place, I want to keep
+ * it here. The alternative would be to push knowledge about
+ * the andx chain down into read&x again.
+ */
+
+ if (smb_command == SMBreadX) {
+ uint8_t *bytes_addr;
+
+ if (wct < 7) {
+ /*
+ * Invalid read&x response
+ */
+ return false;
+ }
+
+ bytes_addr = outbuf + ofs /* vwv start */
+ + sizeof(uint16_t) * wct /* vwv array */
+ + sizeof(uint16_t); /* bcc */
+
+ SSVAL(outbuf + ofs, 6 * sizeof(uint16_t),
+ bytes_addr - outbuf - 4);
+ }
+
 ofs += sizeof(uint16_t) * wct;
 
 /*
--
2.11.4.GIT
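Review bot: The value passed to `SSVAL(outbuf + ofs, 6 * sizeof(uint16_t), bytes_addr - outbuf - 4)` is a pointer difference stored into a 16-bit field with no range check, so if earlier replies in the chain place this Read&X more than 64 KiB into outbuf, the client would receive a wrapped data offset. Whether outbuf can grow that far is decided outside this hunk (smb_splice_chain starts and ends beyond it), so a local guard before the store is the safe option, e.g. `if (bytes_addr - outbuf - 4 > UINT16_MAX) { return false; }`. The fixup also assumes the read data begins directly after bcc; if reply_read_andx places any padding before the data, the same amount has to be added here, and a one-line comment stating that assumption would help the next reader. The bare `4` and `6` would be clearer as named constants or with a short comment (`/* NBT length header */`, `/* vwv[6]: data offset */`).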