Created attachment 7077 [details] Patch for master
Comment on attachment 7077 [details] Patch for master Looks good to me.
Personally I'd just push this to master and release in 3.6.2. This isn't worth a security release - we've already fixed a similar bug in 3.6.1. Whilst SMB2 isn't on by default I think we're ok with this. There's no danger of a privilege escalation here. Jeremy.
Reassigning to Karolin for inclusion in 3.6.2. Jeremy.
Pushed to v3-6-test. Closing out bug report. Thanks!