Fix bug #8219 - SMB Panic from Windows 7 Client

Caused by referencing an uninitialized variable in the
duplicated struct smbd_smb2_request when sending a signed
intermediate reply.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Jun 29 04:37:28 CEST 2011 on sn-devel-104

diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index 65bb5b9eb0a80f3a089ac8ee5372fb1c773748ac..24953edb5e9dd1de83f74900baecce33e39f7401 100644 (file)
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -665,10 +665,18 @@ static struct smbd_smb2_request *dup_smb2_req(const struct smbd_smb2_request *re
        }
 
        newreq->sconn = req->sconn;
+       newreq->session = req->session;
        newreq->do_signing = req->do_signing;
        newreq->current_idx = req->current_idx;
        newreq->async = false;
        newreq->cancelled = false;
+       /* Note we are leaving:
+               ->tcon
+               ->smb1req
+               ->compat_chain_fsp
+          uninitialized as NULL here as
+          they're not used in the interim
+          response code. JRA. */
 
        outvec = talloc_zero_array(newreq, struct iovec, count);
        if (!outvec) {