From a8dc7d69ab761c49270a333e3d1004ae770e5c6c Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Sat, 27 Feb 2016 04:14:39 +0100
Subject: [PATCH] CVE-2016-2115: s4:libcli/smb2: use the configured
 min_protocol

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
---
 source4/libcli/smb2/connect.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/source4/libcli/smb2/connect.c b/source4/libcli/smb2/connect.c
index 9535380d646..1a6ae34d2cd 100644
--- a/source4/libcli/smb2/connect.c
+++ b/source4/libcli/smb2/connect.c
@@ -134,6 +134,7 @@ static void smb2_connect_socket_done(struct composite_context *creq)
 	struct tevent_req *subreq;
 	NTSTATUS status;
 	uint32_t timeout_msec;
+	enum protocol_types min_protocol;
 
 	status = smbcli_sock_connect_recv(creq, state, &sock);
 	if (tevent_req_nterror(req, status)) {
@@ -146,10 +147,14 @@ static void smb2_connect_socket_done(struct composite_context *creq)
 	}
 
 	timeout_msec = state->transport->options.request_timeout * 1000;
+	min_protocol = state->transport->options.min_protocol;
+	if (min_protocol < PROTOCOL_SMB2_02) {
+		min_protocol = PROTOCOL_SMB2_02;
+	}
 
 	subreq = smbXcli_negprot_send(state, state->ev,
 				      state->transport->conn, timeout_msec,
-				      PROTOCOL_SMB2_02,
+				      min_protocol,
 				      state->transport->options.max_protocol);
 	if (tevent_req_nomem(subreq, req)) {
 		return;
-- 
2.47.2