mirrors/ntfs-3g
0
0
Fork 0
mirror of https://git.code.sf.net/p/ntfs-3g/ntfs-3g.git synced 2024-11-27 03:53:48 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fixed the range of valid subauthority counts in a SID

Browse Source 
ntfs_valid_sid() required that the subauthority count be between 1 and 8
inclusively.  However, Windows permits more than 8 subauthorities as well
as 0 subauthorities:

  - The install.wim file for the latest Windows 10 build contains a file
    whose DACL contains a SID with 10 subauthorities.
    ntfs_set_ntfs_acl() was failing on this file.

  - The IsValidSid() function on Windows returns true for subauthority
    less than or equal to 15, including 0.

There was actually already a another SID validation function that had the
Windows-compatible behavior, so I merged the two together.

Contributed by Eric Biggers
This commit is contained in:
Jean-Pierre André 2015-07-14 08:37:01 +02:00
parent c9771d0509
commit 2c11aaa2aa
3 changed files with 11 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
include/ntfs-3g/security.h
View File

@ -222,22 +222,6 @@ enum {
extern BOOL ntfs_guid_is_zero(const GUID *guid); extern BOOL ntfs_guid_is_zero(const GUID *guid);
extern char *ntfs_guid_to_mbs(const GUID *guid, char *guid_str); extern char *ntfs_guid_to_mbs(const GUID *guid, char *guid_str);
/**
* ntfs_sid_is_valid - determine if a SID is valid
* @sid: SID for which to determine if it is valid
*
* Determine if the SID pointed to by @sid is valid.
*
* Return TRUE if it is valid and FALSE otherwise.
*/
static __inline__ BOOL ntfs_sid_is_valid(const SID *sid)
{
if (!sid || sid->revision != SID_REVISION ||
sid->sub_authority_count > SID_MAX_SUB_AUTHORITIES)
return FALSE;
return TRUE;
}
extern int ntfs_sid_to_mbs_size(const SID *sid); extern int ntfs_sid_to_mbs_size(const SID *sid);
extern char *ntfs_sid_to_mbs(const SID *sid, char *sid_str, extern char *ntfs_sid_to_mbs(const SID *sid, char *sid_str,
size_t sid_str_size); size_t sid_str_size);

16
libntfs-3g/acls.c
View File

@ -362,16 +362,18 @@ unsigned int ntfs_attr_size(const char *attr)
return (attrsz); return (attrsz);
} }
/* /**
* Do sanity checks on a SID read from storage * ntfs_valid_sid - determine if a SID is valid
* (just check revision and number of authorities) * @sid: SID for which to determine if it is valid
*
* Determine if the SID pointed to by @sid is valid.
*
* Return TRUE if it is valid and FALSE otherwise.
*/ */
BOOL ntfs_valid_sid(const SID *sid) BOOL ntfs_valid_sid(const SID *sid)
{ {
return ((sid->revision == SID_REVISION) return sid && sid->revision == SID_REVISION &&
&& (sid->sub_authority_count >= 1) sid->sub_authority_count <= SID_MAX_SUB_AUTHORITIES;
&& (sid->sub_authority_count <= 8));
} }
/* /*

4
libntfs-3g/security.c
View File

@ -224,7 +224,7 @@ int ntfs_sid_to_mbs_size(const SID *sid)
{ {
int size, i; int size, i;
if (!ntfs_sid_is_valid(sid)) { if (!ntfs_valid_sid(sid)) {
errno = EINVAL; errno = EINVAL;
return -1; return -1;
} }
@ -298,7 +298,7 @@ char *ntfs_sid_to_mbs(const SID *sid, char *sid_str, size_t sid_str_size)
* No need to check @sid if !@sid_str since ntfs_sid_to_mbs_size() will * No need to check @sid if !@sid_str since ntfs_sid_to_mbs_size() will
* check @sid, too. 8 is the minimum SID string size. * check @sid, too. 8 is the minimum SID string size.
*/ */
if (sid_str && (sid_str_size < 8 || !ntfs_sid_is_valid(sid))) { if (sid_str && (sid_str_size < 8 || !ntfs_valid_sid(sid))) {
errno = EINVAL; errno = EINVAL;
return NULL; return NULL;
} }