mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
s3:util:sharesec ace_compare() uses NUMERIC_CMP()
ace->access_mask is uint32_t, so can overflow a signed int. This would be easy to trigger, as it is a flags field rather than an allocation count. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
parent
31101a9fa1
commit
e35d54fd4d
@ -120,19 +120,19 @@ static int ace_compare(struct security_ace *ace1, struct security_ace *ace2)
|
||||
return 0;
|
||||
|
||||
if (ace1->type != ace2->type)
|
||||
return ace2->type - ace1->type;
|
||||
return NUMERIC_CMP(ace2->type, ace1->type);
|
||||
|
||||
if (dom_sid_compare(&ace1->trustee, &ace2->trustee))
|
||||
return dom_sid_compare(&ace1->trustee, &ace2->trustee);
|
||||
|
||||
if (ace1->flags != ace2->flags)
|
||||
return ace1->flags - ace2->flags;
|
||||
return NUMERIC_CMP(ace1->flags, ace2->flags);
|
||||
|
||||
if (ace1->access_mask != ace2->access_mask)
|
||||
return ace1->access_mask - ace2->access_mask;
|
||||
return NUMERIC_CMP(ace1->access_mask, ace2->access_mask);
|
||||
|
||||
if (ace1->size != ace2->size)
|
||||
return ace1->size - ace2->size;
|
||||
return NUMERIC_CMP(ace1->size, ace2->size);
|
||||
|
||||
return memcmp(ace1, ace2, sizeof(struct security_ace));
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user