diff --git a/source/libsmb/clireadwrite.c b/source/libsmb/clireadwrite.c
index 057e647..ba06eb5 100644
--- a/source/libsmb/clireadwrite.c
+++ b/source/libsmb/clireadwrite.c
@@ -489,7 +489,7 @@ static bool cli_issue_write(struct cli_state *cli,
 	/* We can only do direct writes if not signing and not encrypting. */
 	bool direct_writes = !client_is_signing_on(cli) && !cli_encryption_on(cli);
 
-	if (!direct_writes && size + 1 > cli->bufsize) {
+	if (!direct_writes && size > cli->bufsize) {
 		cli->outbuf = (char *)SMB_REALLOC(cli->outbuf, size + 1024);
 		if (!cli->outbuf) {
 			return False;
@@ -535,23 +535,21 @@ static bool cli_issue_write(struct cli_state *cli,
 	 */
 	SSVAL(cli->outbuf,smb_vwv9,(size>>16));
 	SSVAL(cli->outbuf,smb_vwv10,size);
-	/* +1 is pad byte. */
 	SSVAL(cli->outbuf,smb_vwv11,
-	      smb_buf(cli->outbuf) - smb_base(cli->outbuf) + 1);
+	      smb_buf(cli->outbuf) - smb_base(cli->outbuf));
 
 	if (large_writex) {
 		SIVAL(cli->outbuf,smb_vwv12,(((SMB_BIG_UINT)offset)>>32) & 0xffffffff);
 	}
 
-	p = smb_base(cli->outbuf) + SVAL(cli->outbuf,smb_vwv11) -1;
-	*p++ = '\0'; /* pad byte. */
+	p = smb_base(cli->outbuf) + SVAL(cli->outbuf,smb_vwv11);
 	if (!direct_writes) {
 		memcpy(p, buf, size);
 	}
 	if (size > 0x1FFFF) {
 		/* This is a POSIX 14 word large write. */
 		set_message_bcc(cli->outbuf, 0); /* Set bcc to zero. */
-		_smb_setlen_large(cli->outbuf,smb_size + 28 + 1 /* pad */ + size - 4);
+		_smb_setlen_large(cli->outbuf,smb_size + 28 + size - 4);
 	} else {
 		cli_setup_bcc(cli, p+size);
 	}