From: Dan Robertson <drobertson@tripwire.com>
Date: Thu, 22 Feb 2018 20:47:11 +0000 (+0000)
Subject: libsmb: Use smb2 tcon if conn_protocol >= SMB2_02
X-Git-Tag: samba-4.6.15~32
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8fe0589cb1f8ac33aed689fe6507f4527412660b;p=thirdparty%2Fsamba.git

libsmb: Use smb2 tcon if conn_protocol >= SMB2_02

When the connection protocol is SMB2 the tid from the smb1 member is
used instead of smb2 in cli_state_set_tid which often results in a null
deref.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13310

Signed-off-by: Dan Robertson <drobertson@tripwire.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit b67ffaf518c971817b167b41bf6226cddfdcfd2f)
---

diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index e675f95af60..305f56741bc 100644
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -384,7 +384,7 @@ uint32_t cli_state_set_tid(struct cli_state *cli, uint32_t tid)
 	uint32_t ret;
 	if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
 		ret = smb2cli_tcon_current_id(cli->smb2.tcon);
-		smb2cli_tcon_set_id(cli->smb1.tcon, tid);
+		smb2cli_tcon_set_id(cli->smb2.tcon, tid);
 	} else {
 		ret = smb1cli_tcon_current_id(cli->smb1.tcon);
 		smb1cli_tcon_set_id(cli->smb1.tcon, tid);