From befe9a10b976bba109d4dbde6dc1deb2cd0a79bc Mon Sep 17 00:00:00 2001
From: Steve Holme <steve_holme@hotmail.com>
Date: Sat, 6 Dec 2014 21:44:00 +0000
Subject: [PATCH] smb: Fixed a problem with large file transfers

Fixed an issue with the message size calculation where the raw bytes
from the buffer were interpreted as signed values rather than unsigned
values.

Reported-by: Gisle Vanem
Assisted-by: Bill Nagel
---
 lib/smb.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/smb.c b/lib/smb.c
index fa9e43fcac10ba..1644471dfd90bf 100644
--- a/lib/smb.c
+++ b/lib/smb.c
@@ -266,11 +266,11 @@ static CURLcode smb_recv_message(struct connectdata *conn, void **msg)
   msg_size = sizeof(struct smb_header);
   if(nbt_size >= msg_size + 1) {
     /* Add the word count */
-    msg_size += 1 + buf[msg_size] * sizeof(unsigned short);
+    msg_size += 1 + ((unsigned char) buf[msg_size]) * sizeof(unsigned short);
     if(nbt_size >= msg_size + sizeof(unsigned short)) {
       /* Add the byte count */
-      msg_size += sizeof(unsigned short) + buf[msg_size] +
-                  (buf[msg_size + 1] << 8);
+      msg_size += sizeof(unsigned short) + ((unsigned char) buf[msg_size]) +
+                  (((unsigned char) buf[msg_size + 1]) << 8);
       if(nbt_size < msg_size)
         return CURLE_READ_ERROR;
     }