sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-08 21:18:16 +03:00
Code

CVE-2023-4154 py_security: allow idx argument to descriptor.[s|d]acl_add()

Browse Source 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

(cherry picked from commit 9ea06aaf9f)
This commit is contained in:
Stefan Metzmacher 2023-03-16 10:11:05 +01:00 committed by Jule Anger
parent 8ebcfe5599
commit 8a2b11fda3
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
source4/librpc/ndr/py_security.c
View File

@ -176,12 +176,13 @@ static PyObject *py_descriptor_sacl_add(PyObject *self, PyObject *args)
NTSTATUS status;
struct security_ace *ace;
PyObject *py_ace;
Py_ssize_t idx = -1;
if (!PyArg_ParseTuple(args, "O", &py_ace))
if (!PyArg_ParseTuple(args, "O|n", &py_ace, &idx))
return NULL;
ace = pytalloc_get_ptr(py_ace);
status = security_descriptor_sacl_add(desc, ace);
status = security_descriptor_sacl_insert(desc, ace, idx);
PyErr_NTSTATUS_IS_ERR_RAISE(status);
Py_RETURN_NONE;
}
@ -192,13 +193,14 @@ static PyObject *py_descriptor_dacl_add(PyObject *self, PyObject *args)
NTSTATUS status;
struct security_ace *ace;
PyObject *py_ace;
Py_ssize_t idx = -1;
if (!PyArg_ParseTuple(args, "O", &py_ace))
if (!PyArg_ParseTuple(args, "O|n", &py_ace, &idx))
return NULL;
ace = pytalloc_get_ptr(py_ace);
status = security_descriptor_dacl_add(desc, ace);
status = security_descriptor_dacl_insert(desc, ace, idx);
PyErr_NTSTATUS_IS_ERR_RAISE(status);
Py_RETURN_NONE;
}