packages/samba
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
samba/backport-0004-CVE-2023-0614.patch

79 lines
3.0 KiB
Diff
Raw Blame History

From ad6945f667329d75174cfb9e90786f811c579355 Mon Sep 17 00:00:00 2001
From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Fri, 27 Jan 2023 07:57:27 +1300
Subject: [PATCH 02/34] CVE-2023-0614 libcli/security: Make some parameters
const
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
[abartlet@samba.org Updated to add const to sec_access_check_ds()
instead of the sec_access_check_ds_implicit_owner() wrapper
found in 4.18 and later]
Conflict: NA
Reference: https://attachments.samba.org/attachment.cgi?id=17821
---
libcli/security/access_check.c | 10 +++++-----
libcli/security/access_check.h | 2 +-
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/libcli/security/access_check.c b/libcli/security/access_check.c
index f5051b0fa93..7dd3798703c 100644
--- a/libcli/security/access_check.c
+++ b/libcli/security/access_check.c
@@ -394,7 +394,7 @@ NTSTATUS se_file_access_check(const struct security_descriptor *sd,
return NT_STATUS_OK;
}
-static const struct GUID *get_ace_object_type(struct security_ace *ace)
+static const struct GUID *get_ace_object_type(const struct security_ace *ace)
{
if (ace->object.object.flags & SEC_ACE_OBJECT_TYPE_PRESENT) {
return &ace->object.object.type.type;
@@ -412,7 +412,7 @@ static const struct GUID *get_ace_object_type(struct security_ace *ace)
* rights to the object/attribute
* @returns NT_STATUS_OK, unless access was denied
*/
-static NTSTATUS check_object_specific_access(struct security_ace *ace,
+static NTSTATUS check_object_specific_access(const struct security_ace *ace,
struct object_tree *tree,
bool *grant_access)
{
@@ -505,7 +505,7 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd,
uint32_t access_desired,
uint32_t *access_granted,
struct object_tree *tree,
- struct dom_sid *replace_sid)
+ const struct dom_sid *replace_sid)
{
uint32_t i;
uint32_t bits_remaining;
@@ -556,8 +556,8 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd,
/* check each ace in turn. */
for (i=0; bits_remaining && i < sd->dacl->num_aces; i++) {
- struct dom_sid *trustee;
- struct security_ace *ace = &sd->dacl->aces[i];
+ const struct dom_sid *trustee;
+ const struct security_ace *ace = &sd->dacl->aces[i];
NTSTATUS status;
bool grant_access = false;
diff --git a/libcli/security/access_check.h b/libcli/security/access_check.h
index 96e33c6624f..37ca078a24e 100644
--- a/libcli/security/access_check.h
+++ b/libcli/security/access_check.h
@@ -74,7 +74,7 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd,
uint32_t access_desired,
uint32_t *access_granted,
struct object_tree *tree,
- struct dom_sid *replace_sid);
+ const struct dom_sid *replace_sid);
bool insert_in_object_tree(TALLOC_CTX *mem_ctx,
const struct GUID *guid,
--
2.25.1
Reference in New Issue View Git Blame Copy Permalink