Fix bug #8219 - SMB Panic from Windows 7 Client
authorJeremy Allison <jra@samba.org>
Wed, 29 Jun 2011 00:45:49 +0000 (17:45 -0700)
committerKarolin Seeger <kseeger@samba.org>
Thu, 30 Jun 2011 17:35:48 +0000 (19:35 +0200)
Caused by referencing an uninitialized variable in the
duplicated struct smbd_smb2_request when sending a signed
intermediate reply.

source3/smbd/smb2_server.c

index 7cbe90a77396792aa2925e940c67902bdff52087..8c75d0282438d75b248fc6bb10906d313eecc93f 100644 (file)
@@ -665,10 +665,18 @@ static struct smbd_smb2_request *dup_smb2_req(const struct smbd_smb2_request *re
        }
 
        newreq->sconn = req->sconn;
+       newreq->session = req->session;
        newreq->do_signing = req->do_signing;
        newreq->current_idx = req->current_idx;
        newreq->async = false;
        newreq->cancelled = false;
+       /* Note we are leaving:
+               ->tcon
+               ->smb1req
+               ->compat_chain_fsp
+          uninitialized as NULL here as
+          they're not used in the interim
+          response code. JRA. */
 
        outvec = talloc_zero_array(newreq, struct iovec, count);
        if (!outvec) {
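Review bot: The added comment describes `->tcon`, `->smb1req` and `->compat_chain_fsp` as "uninitialized as NULL", which holds only if `newreq` is zero-allocated; that allocation is above the hunk and should be confirmed, since dup_smb2_req starts and ends outside it. The comment also leaves out the invariant this fix restores: going by the commit message, the signed interim reply path reads `->session` whenever `do_signing` is set, so the two fields must always be copied together. I would reword it to something like `/* ->tcon, ->smb1req and ->compat_chain_fsp are deliberately left NULL; the interim response path must not dereference them. */` and add `/* do_signing requires ->session to be set: the signing path reads it. */` above the `newreq->session` assignment. Because `newreq->session` is a borrowed pointer, it is also worth noting in the comment that the session is presumably expected to outlive the queued interim response.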