Bug 13310 - cli_state_set_tid() uses wrong member for SMB2.
Summary: cli_state_set_tid() uses wrong member for SMB2.
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: libsmbclient (show other bugs)
Version: unspecified
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-02-27 18:18 UTC by Jeremy Allison
Modified: 2018-03-13 13:22 UTC (History)
3 users (show)

See Also:

Attachments
git-am fox for 4.8.0rcNext, 4.7.next, 4.6.next. (1.31 KB, patch)
2018-03-02 19:08 UTC, Jeremy Allison 		asn: review+
Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jeremy Allison 2018-02-27 18:18:38 UTC 
From: Dan Robertson <drobertson@tripwire.com>
Date: Thu, 22 Feb 2018 20:47:11 +0000
Subject: [PATCH] libsmb: Use smb2 tcon if conn_protocol >= SMB2_02

When the connection protocol is SMB2 the tid from the smb1 member is
used instead of smb2 in cli_state_set_tid which often results in a null
deref.

Signed-off-by: Dan Robertson <drobertson@tripwire.com>
---
 source3/libsmb/clientgen.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index 44afee1d4a0..2e4dd15ab62 100644
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -371,7 +371,7 @@ uint32_t cli_state_set_tid(struct cli_state *cli, uint32_t tid)
        uint32_t ret;
        if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
                ret = smb2cli_tcon_current_id(cli->smb2.tcon);
-               smb2cli_tcon_set_id(cli->smb1.tcon, tid);
+               smb2cli_tcon_set_id(cli->smb2.tcon, tid);
        } else {
                ret = smb1cli_tcon_current_id(cli->smb1.tcon);
                smb1cli_tcon_set_id(cli->smb1.tcon, tid);
Comment 1 Jeremy Allison 2018-03-02 19:08:39 UTC 
Created attachment 14017 [details]
git-am fox for 4.8.0rcNext, 4.7.next, 4.6.next.

Cherry-pick from master.
Comment 2 Andreas Schneider 2018-03-03 07:59:54 UTC 
Karolin, please add the patch to the relevant versions. Thanks!
Comment 3 Stefan Metzmacher 2018-03-07 14:12:13 UTC 
Pushed to autobuild-v4-8-test.
Comment 4 Stefan Metzmacher 2018-03-08 12:27:24 UTC 
(In reply to Stefan Metzmacher from comment #3)

Pushed to v4-8-test, further backporting need to follow
Comment 5 Stefan Metzmacher 2018-03-08 12:34:10 UTC 
Pushed to autobuild-v4-{6,7}-test.
Comment 6 Stefan Metzmacher 2018-03-13 13:22:56 UTC 
(In reply to Stefan Metzmacher from comment #5)

Pushed to v4-{6,7}-test.