CVE-2016-2115: s4:libcli/smb2: use the configured min_protocol

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

diff --git a/source4/libcli/smb2/connect.c b/source4/libcli/smb2/connect.c
index 9535380d6468dc9831cc65b1ea5982a0a57c5c71..1a6ae34d2cd9a98f3ba8bc69126add43e20cff57 100644 (file)
--- a/source4/libcli/smb2/connect.c
+++ b/source4/libcli/smb2/connect.c
@@ -134,6 +134,7 @@ static void smb2_connect_socket_done(struct composite_context *creq)
        struct tevent_req *subreq;
        NTSTATUS status;
        uint32_t timeout_msec;
+       enum protocol_types min_protocol;
 
        status = smbcli_sock_connect_recv(creq, state, &sock);
        if (tevent_req_nterror(req, status)) {
@@ -146,10 +147,14 @@ static void smb2_connect_socket_done(struct composite_context *creq)
        }
 
        timeout_msec = state->transport->options.request_timeout * 1000;
+       min_protocol = state->transport->options.min_protocol;
+       if (min_protocol < PROTOCOL_SMB2_02) {
+               min_protocol = PROTOCOL_SMB2_02;
+       }
 
        subreq = smbXcli_negprot_send(state, state->ev,
                                      state->transport->conn, timeout_msec,
-                                     PROTOCOL_SMB2_02,
+                                     min_protocol,
                                      state->transport->options.max_protocol);
        if (tevent_req_nomem(subreq, req)) {
                return;