smb: Fixed a problem with large file transfers

Fixed an issue with the message size calculation where the raw bytes from the buffer were interpreted as signed values rather than unsigned values. Reported-by: Gisle Vanem Assisted-by: Bill Nagel
author: Steve Holme <steve_holme@hotmail.com> 2014-12-06 21:44:00 +0000
committer: Steve Holme <steve_holme@hotmail.com> 2014-12-06 21:44:00 +0000
commit: befe9a10b976bba109d4dbde6dc1deb2cd0a79bc (patch)
tree: 1224dc57203568030e2ba006ca7a361a4d8624bb /lib/smb.c
parent: 36d45eabc0dda3b2bc74b44a364f520947533b79 (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/smb.c b/lib/smb.c
index fa9e43fca..1644471df 100644
--- a/lib/smb.c
+++ b/lib/smb.c
@@ -266,11 +266,11 @@ static CURLcode smb_recv_message(struct connectdata *conn, void **msg)
   msg_size = sizeof(struct smb_header);
   if(nbt_size >= msg_size + 1) {
     /* Add the word count */
-    msg_size += 1 + buf[msg_size] * sizeof(unsigned short);
+    msg_size += 1 + ((unsigned char) buf[msg_size]) * sizeof(unsigned short);
     if(nbt_size >= msg_size + sizeof(unsigned short)) {
       /* Add the byte count */
-      msg_size += sizeof(unsigned short) + buf[msg_size] +
-                  (buf[msg_size + 1] << 8);
+      msg_size += sizeof(unsigned short) + ((unsigned char) buf[msg_size]) +
+                  (((unsigned char) buf[msg_size + 1]) << 8);
       if(nbt_size < msg_size)
         return CURLE_READ_ERROR;
     }
author	Steve Holme <steve_holme@hotmail.com>	2014-12-06 21:44:00 +0000
committer	Steve Holme <steve_holme@hotmail.com>	2014-12-06 21:44:00 +0000
commit	befe9a10b976bba109d4dbde6dc1deb2cd0a79bc (patch)
tree	1224dc57203568030e2ba006ca7a361a4d8624bb /lib/smb.c
parent	36d45eabc0dda3b2bc74b44a364f520947533b79 (diff)