libsmb: Use smb2 tcon if conn_protocol >= SMB2_02

When the connection protocol is SMB2 the tid from the smb1 member is
used instead of smb2 in cli_state_set_tid which often results in a null
deref.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13310

Signed-off-by: Dan Robertson <drobertson@tripwire.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index 44afee1d4a099cbbfaba61416788b9d2b7510cf9..2e4dd15ab628a00fbdabc8f1fe2165c560b49683 100644 (file)
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -371,7 +371,7 @@ uint32_t cli_state_set_tid(struct cli_state *cli, uint32_t tid)
        uint32_t ret;
        if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
                ret = smb2cli_tcon_current_id(cli->smb2.tcon);
-               smb2cli_tcon_set_id(cli->smb1.tcon, tid);
+               smb2cli_tcon_set_id(cli->smb2.tcon, tid);
        } else {
                ret = smb1cli_tcon_current_id(cli->smb1.tcon);
                smb1cli_tcon_set_id(cli->smb1.tcon, tid);