From a01f7e0d9978c88f4cec51d9795c5454f8436c67 Mon Sep 17 00:00:00 2001
From: Dan Robertson
Date: Thu, 22 Feb 2018 20:47:11 +0000
Subject: [PATCH] libsmb: Use smb2 tcon if conn_protocol >= SMB2_02
When the connection protocol is SMB2 the tid from the smb1 member is used instead of smb2 in cli_state_set_tid which often results in a null deref.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13310
Signed-off-by: Dan Robertson
Reviewed-by: Jeremy Allison
Reviewed-by: Andreas Schneider
(cherry picked from commit b67ffaf518c971817b167b41bf6226cddfdcfd2f)
---
 source3/libsmb/clientgen.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index 44afee1d4a0..2e4dd15ab62 100644
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -371,7 +371,7 @@ uint32_t cli_state_set_tid(struct cli_state *cli, uint32_t tid)
 uint32_t ret;
 if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
 ret = smb2cli_tcon_current_id(cli->smb2.tcon);
- smb2cli_tcon_set_id(cli->smb1.tcon, tid);
+ smb2cli_tcon_set_id(cli->smb2.tcon, tid);
 } else {
 ret = smb1cli_tcon_current_id(cli->smb1.tcon);
 smb1cli_tcon_set_id(cli->smb1.tcon, tid);
-- 
2.16.2.395.g2e18187dfd-goog
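Review bot: Both calls in the SMB2 branch still hand `cli->smb2.tcon` to the smb2cli_tcon_* helpers unchecked, and the commit message implies that `smb2cli_tcon_set_id()` dereferences whatever pointer it is given. If cli_state_set_tid() can be reached while `cli->smb2.tcon` is still NULL (for example before a tree connect; the callers are not visible here), the same crash would presumably remain, now on the correct member. The `uint32_t` return leaves no room for an error value, so at minimum state the precondition above the function, e.g. `/* cli-><proto>.tcon for the negotiated protocol must be non-NULL */`; the smb1 branch has the same shape. This fixes a copy-paste slip between two parallel branches, so a regression test that calls this on an SMB2 connection would keep it from returning. The function's opening brace and its return statement lie outside the hunk.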