From 5ad8536ec766b1d0867acfe2c34677400fb29526 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl@samba.org>
Date: Wed, 4 Sep 2024 17:13:44 +0200
Subject: [PATCH] libsecurity: Simplify struct ace_condition_script

We only need the stack temporarily, no reason to put it in the struct

Signed-off-by: Volker Lendecke <vl@samba.org>
Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Sep  6 14:23:58 UTC 2024 on atb-devel-224
---
 libcli/security/conditional_ace.c      | 54 +++++++++++++-------------
 libcli/security/sddl_conditional_ace.c | 12 +++---
 librpc/idl/conditional_ace.idl         |  1 -
 3 files changed, 33 insertions(+), 34 deletions(-)

diff --git a/libcli/security/conditional_ace.c b/libcli/security/conditional_ace.c
index 158c8ecf82e..c2411c4649e 100644
--- a/libcli/security/conditional_ace.c
+++ b/libcli/security/conditional_ace.c
@@ -706,17 +706,6 @@ struct ace_condition_script *parse_conditional_ace(TALLOC_CTX *mem_ctx,
 	if (program->tokens == NULL) {
 		goto fail;
 	}
-	/*
-	 * When interpreting the program we will need a stack, which in the
-	 * very worst case can be as deep as the program is long.
-	 */
-	program->stack = talloc_array(program,
-				      struct ace_condition_token,
-				      program->length + 1);
-	if (program->stack == NULL) {
-		goto fail;
-	}
-
 	return program;
   fail:
 	talloc_free(program);
@@ -2218,8 +2207,20 @@ int run_conditional_ace(TALLOC_CTX *mem_ctx,
 	struct ace_condition_token *lhs = NULL;
 	struct ace_condition_token *rhs = NULL;
 	struct ace_condition_token result = {};
+	struct ace_condition_token *stack = NULL;
 	bool ok;
 
+	/*
+	 * When interpreting the program we will need a stack, which in the
+	 * very worst case can be as deep as the program is long.
+	 */
+	stack = talloc_array(mem_ctx,
+			     struct ace_condition_token,
+			     program->length + 1);
+	if (stack == NULL) {
+		goto error;
+	}
+
 	for (i = 0; i < program->length; i++) {
 		struct ace_condition_token *tok = &program->tokens[i];
 		switch (tok->type) {
@@ -2232,7 +2233,7 @@ int run_conditional_ace(TALLOC_CTX *mem_ctx,
 		case CONDITIONAL_ACE_TOKEN_SID:
 		case CONDITIONAL_ACE_TOKEN_COMPOSITE:
 		/* just plonk these literals on the stack */
-			program->stack[depth] = *tok;
+			stack[depth] = *tok;
 			depth++;
 			break;
 
@@ -2243,7 +2244,7 @@ int run_conditional_ace(TALLOC_CTX *mem_ctx,
 			if (! ok) {
 				goto error;
 			}
-			program->stack[depth] = result;
+			stack[depth] = result;
 			depth++;
 			break;
 
@@ -2255,7 +2256,7 @@ int run_conditional_ace(TALLOC_CTX *mem_ctx,
 			if (! ok) {
 				goto error;
 			}
-			program->stack[depth] = result;
+			stack[depth] = result;
 			depth++;
 			break;
 
@@ -2271,12 +2272,12 @@ int run_conditional_ace(TALLOC_CTX *mem_ctx,
 				goto error;
 			}
 			depth--;
-			lhs = &program->stack[depth];
+			lhs = &stack[depth];
 			ok = member_lookup(token, tok, lhs, &result);
 			if (! ok) {
 				goto error;
 			}
-			program->stack[depth] = result;
+			stack[depth] = result;
 			depth++;
 			break;
 		/* binary relational operators */
@@ -2294,14 +2295,14 @@ int run_conditional_ace(TALLOC_CTX *mem_ctx,
 				goto error;
 			}
 			depth--;
-			rhs = &program->stack[depth];
+			rhs = &stack[depth];
 			depth--;
-			lhs = &program->stack[depth];
+			lhs = &stack[depth];
 			ok = relational_operator(token, tok, lhs, rhs, &result);
 			if (! ok) {
 				goto error;
 			}
-			program->stack[depth] = result;
+			stack[depth] = result;
 			depth++;
 			break;
 		/* unary logical operators */
@@ -2312,12 +2313,12 @@ int run_conditional_ace(TALLOC_CTX *mem_ctx,
 				goto error;
 			}
 			depth--;
-			lhs = &program->stack[depth];
+			lhs = &stack[depth];
 			ok = unary_logic_operator(mem_ctx, token, tok, lhs, sd, &result);
 			if (!ok) {
 				goto error;
 			}
-			program->stack[depth] = result;
+			stack[depth] = result;
 			depth++;
 			break;
 		/* binary logical operators */
@@ -2327,14 +2328,14 @@ int run_conditional_ace(TALLOC_CTX *mem_ctx,
 				goto error;
 			}
 			depth--;
-			rhs = &program->stack[depth];
+			rhs = &stack[depth];
 			depth--;
-			lhs = &program->stack[depth];
+			lhs = &stack[depth];
 			ok = binary_logic_operator(token, tok, lhs, rhs, &result);
 			if (! ok) {
 				goto error;
 			}
-			program->stack[depth] = result;
+			stack[depth] = result;
 			depth++;
 			break;
 		default:
@@ -2348,11 +2349,11 @@ int run_conditional_ace(TALLOC_CTX *mem_ctx,
 	if (depth != 1) {
 		goto error;
 	}
-	result = program->stack[0];
+	result = stack[0];
 	if (result.type != CONDITIONAL_ACE_SAMBA_RESULT_BOOL) {
 		goto error;
 	}
-
+	TALLOC_FREE(stack);
 	return result.data.result.value;
 
   error:
@@ -2360,6 +2361,7 @@ int run_conditional_ace(TALLOC_CTX *mem_ctx,
 	 * the result of an error is always UNKNOWN, which should be
 	 * interpreted pessimistically, not allowing access.
 	 */
+	TALLOC_FREE(stack);
 	return ACE_CONDITION_UNKNOWN;
 }
 
diff --git a/libcli/security/sddl_conditional_ace.c b/libcli/security/sddl_conditional_ace.c
index e9d83b7f9c1..cd39e3c4c50 100644
--- a/libcli/security/sddl_conditional_ace.c
+++ b/libcli/security/sddl_conditional_ace.c
@@ -2893,16 +2893,14 @@ static bool init_compiler_context(
 		TALLOC_FREE(program);
 		return false;
 	}
-	program->stack = talloc_array(program,
-				      struct ace_condition_token,
-				      max_stack + 1);
-	if (program->stack == NULL) {
+	comp->program = program;
+	comp->stack = talloc_array(program,
+				   struct ace_condition_token,
+				   max_stack + 1);
+	if (comp->stack == NULL) {
 		TALLOC_FREE(program);
 		return false;
 	}
-	comp->program = program;
-	/* we can borrow the program stack for the operator stack */
-	comp->stack = program->stack;
 	comp->target = program->tokens;
 	comp->target_len = &program->length;
 	comp->length = strlen(sddl);
diff --git a/librpc/idl/conditional_ace.idl b/librpc/idl/conditional_ace.idl
index 8db0ed66b7b..3b8236f7e37 100644
--- a/librpc/idl/conditional_ace.idl
+++ b/librpc/idl/conditional_ace.idl
@@ -390,7 +390,6 @@ interface conditional_ace
 	 */
 	typedef [public] struct {
 		ace_condition_token *tokens;
-		ace_condition_token *stack;
 		uint32 length;
 	} ace_condition_script;