Fixed the range of valid subauthority counts in a SID

ntfs_valid_sid() required that the subauthority count be between 1 and 8 inclusively. However, Windows permits more than 8 subauthorities as well as 0 subauthorities: - The install.wim file for the latest Windows 10 build contains a file whose DACL contains a SID with 10 subauthorities. ntfs_set_ntfs_acl() was failing on this file. - The IsValidSid() function on Windows returns true for subauthority less than or equal to 15, including 0. There was actually already a another SID validation function that had the Windows-compatible behavior, so I merged the two together. Contributed by Eric Biggers
2024-11-23 10:04:00 +08:00 · 2015-07-14 08:37:01 +02:00 · 2015-07-14 08:37:01 +02:00 · 2c11aaa2aa
commit 2c11aaa2aa
parent c9771d0509
3 changed files with 11 additions and 25 deletions
--- a/include/ntfs-3g/security.h
+++ b/include/ntfs-3g/security.h
@ -222,22 +222,6 @@ enum {
 extern BOOL ntfs_guid_is_zero(const GUID *guid);
 extern char *ntfs_guid_to_mbs(const GUID *guid, char *guid_str);

-/**
- * ntfs_sid_is_valid - determine if a SID is valid
- * @sid:	SID for which to determine if it is valid
- *
- * Determine if the SID pointed to by @sid is valid.
- *
- * Return TRUE if it is valid and FALSE otherwise.
- */
-static __inline__ BOOL ntfs_sid_is_valid(const SID *sid)
-{
-	if (!sid || sid->revision != SID_REVISION ||
-			sid->sub_authority_count > SID_MAX_SUB_AUTHORITIES)
-		return FALSE;
-	return TRUE;
-}
-
 extern int ntfs_sid_to_mbs_size(const SID *sid);
 extern char *ntfs_sid_to_mbs(const SID *sid, char *sid_str,
 		size_t sid_str_size);
--- a/libntfs-3g/acls.c
+++ b/libntfs-3g/acls.c
@ -362,16 +362,18 @@ unsigned int ntfs_attr_size(const char *attr)
 	return (attrsz);
 }

-/*
- *		Do sanity checks on a SID read from storage
- *	(just check revision and number of authorities)
+/**
+ * ntfs_valid_sid - determine if a SID is valid
+ * @sid:	SID for which to determine if it is valid
+ *
+ * Determine if the SID pointed to by @sid is valid.
+ *
+ * Return TRUE if it is valid and FALSE otherwise.
 */
-
 BOOL ntfs_valid_sid(const SID *sid)
 {
-	return ((sid->revision == SID_REVISION)
-		&& (sid->sub_authority_count >= 1)
-		&& (sid->sub_authority_count <= 8));
+	return sid && sid->revision == SID_REVISION &&
+		sid->sub_authority_count <= SID_MAX_SUB_AUTHORITIES;
 }

 /*
--- a/libntfs-3g/security.c
+++ b/libntfs-3g/security.c
@ -224,7 +224,7 @@ int ntfs_sid_to_mbs_size(const SID *sid)
 {
 	int size, i;

-	if (!ntfs_sid_is_valid(sid)) {
+	if (!ntfs_valid_sid(sid)) {
 		errno = EINVAL;
 		return -1;
 	}
@ -298,7 +298,7 @@ char *ntfs_sid_to_mbs(const SID *sid, char *sid_str, size_t sid_str_size)
 	 * No need to check @sid if !@sid_str since ntfs_sid_to_mbs_size() will
 	 * check @sid, too.  8 is the minimum SID string size.
 	 */
-	if (sid_str && (sid_str_size < 8 || !ntfs_sid_is_valid(sid))) {
+	if (sid_str && (sid_str_size < 8 || !ntfs_valid_sid(sid))) {
 		errno = EINVAL;
 		return NULL;
 	}