From: Stefan Metzmacher <metze@samba.org>
Date: Sat, 27 Feb 2016 03:14:39 +0000 (+0100)
Subject: CVE-2016-2115: s4:libcli/smb2: use the configured min_protocol
X-Git-Tag: samba-4.2.10~132
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a8dc7d69ab761c49270a333e3d1004ae770e5c6c;p=thirdparty%2Fsamba.git

CVE-2016-2115: s4:libcli/smb2: use the configured min_protocol

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
---

diff --git a/source4/libcli/smb2/connect.c b/source4/libcli/smb2/connect.c
index 9535380d646..1a6ae34d2cd 100644
--- a/source4/libcli/smb2/connect.c
+++ b/source4/libcli/smb2/connect.c
@@ -134,6 +134,7 @@ static void smb2_connect_socket_done(struct composite_context *creq)
 	struct tevent_req *subreq;
 	NTSTATUS status;
 	uint32_t timeout_msec;
+	enum protocol_types min_protocol;
 
 	status = smbcli_sock_connect_recv(creq, state, &sock);
 	if (tevent_req_nterror(req, status)) {
@@ -146,10 +147,14 @@ static void smb2_connect_socket_done(struct composite_context *creq)
 	}
 
 	timeout_msec = state->transport->options.request_timeout * 1000;
+	min_protocol = state->transport->options.min_protocol;
+	if (min_protocol < PROTOCOL_SMB2_02) {
+		min_protocol = PROTOCOL_SMB2_02;
+	}
 
 	subreq = smbXcli_negprot_send(state, state->ev,
 				      state->transport->conn, timeout_msec,
-				      PROTOCOL_SMB2_02,
+				      min_protocol,
 				      state->transport->options.max_protocol);
 	if (tevent_req_nomem(subreq, req)) {
 		return;