From 8a2b11fda30eef3883bbe9ea538dae6f68216fd9 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Thu, 16 Mar 2023 10:11:05 +0100
Subject: [PATCH 12/28] CVE-2023-4154 py_security: allow idx argument to descriptor.[s|d]acl_add()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424
Signed-off-by: Stefan Metzmacher
Reviewed-by: Andrew Bartlett
Reviewed-by: Douglas Bagnall
(cherry picked from commit 9ea06aaf9f57e3c7094553d9ac40fb73057a9b74)
Conflict: NA
Reference: https://download.samba.org/pub/samba/patches/security/samba-4.18.8-security-2023-10-10.patch
[PATCH 12/28] CVE-2023-4154 py_security: allow idx argument to descriptor.[s|d]acl_add()
---
 source4/librpc/ndr/py_security.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/source4/librpc/ndr/py_security.c b/source4/librpc/ndr/py_security.c
index ff3de775af6..ac92f3a47a3 100644
--- a/source4/librpc/ndr/py_security.c
+++ b/source4/librpc/ndr/py_security.c
@@ -176,12 +176,13 @@ static PyObject *py_descriptor_sacl_add(PyObject *self, PyObject *args)
 NTSTATUS status;
 struct security_ace *ace;
 PyObject *py_ace;
+ Py_ssize_t idx = -1;
- if (!PyArg_ParseTuple(args, "O", &py_ace))
+ if (!PyArg_ParseTuple(args, "O|n", &py_ace, &idx))
 return NULL;
 ace = pytalloc_get_ptr(py_ace);
- status = security_descriptor_sacl_add(desc, ace);
+ status = security_descriptor_sacl_insert(desc, ace, idx);
 PyErr_NTSTATUS_IS_ERR_RAISE(status);
 Py_RETURN_NONE;
 }
@@ -192,13 +193,14 @@ static PyObject *py_descriptor_dacl_add(PyObject *self, PyObject *args)
 NTSTATUS status;
 struct security_ace *ace;
 PyObject *py_ace;
+ Py_ssize_t idx = -1;
- if (!PyArg_ParseTuple(args, "O", &py_ace))
+ if (!PyArg_ParseTuple(args, "O|n", &py_ace, &idx))
 return NULL;
 ace = pytalloc_get_ptr(py_ace);
- status = security_descriptor_dacl_add(desc, ace);
+ status = security_descriptor_dacl_insert(desc, ace, idx);
 PyErr_NTSTATUS_IS_ERR_RAISE(status);
 Py_RETURN_NONE;
 }
-- 
2.34.1
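Review bot: In py_descriptor_sacl_add() the pointer returned by `pytalloc_get_ptr(py_ace)` is passed straight to `security_descriptor_sacl_insert(desc, ace, idx)` although `py_ace` was parsed with a bare `O`, so nothing in the hunk establishes that the object wraps a `struct security_ace` or that `ace` is non-NULL. The second hunk (py_descriptor_dacl_add) has the same pattern. A type check on `py_ace` before the conversion, followed by `if (ace == NULL) { PyErr_SetString(PyExc_TypeError, "expected a security ACE"); return NULL; }`, would turn a wrong argument into a Python exception rather than leaving it to the C layer that edits the ACL. The new `idx` is also forwarded as parsed, so range checking presumably lives in the `*_insert` helpers, which are not visible here; it is worth confirming they reject out-of-range values, and a short comment such as `/* idx defaults to -1; presumably keeps the previous add behaviour - confirm */` would document the default. Both function bodies begin above their hunks, so checks made earlier in them are not visible from here.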