sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-10 01:18:15 +03:00
Code

CVE-2020-25722 Check for all errors from acl_check_extended_right() in acl_check_spn()

Browse Source 
We should not fail open on error.

BUG:  https://bugzilla.samba.org/show_bug.cgi?id=14876
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
This commit is contained in:
Andrew Bartlett 2021-11-01 17:21:16 +13:00 committed by Jule Anger
parent 42eb5fee22
commit 2c4aee1145
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
source4/dsdb/samdb/ldb_modules/acl.c
View File

@ -715,7 +715,7 @@ static int acl_check_spn(TALLOC_CTX *mem_ctx,
SEC_ADS_SELF_WRITE,
sid);
if (ret == LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS) {
if (ret != LDB_SUCCESS) {
dsdb_acl_debug(sd, acl_user_token(module),
req->op.mod.message->dn,
true,