CVE-2023-0614 libcli/security: Make some parameters const
authorJoseph Sutton <josephsutton@catalyst.net.nz>
Thu, 26 Jan 2023 18:57:27 +0000 (07:57 +1300)
committerJule Anger <janger@samba.org>
Mon, 20 Mar 2023 09:03:37 +0000 (10:03 +0100)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
[abartlet@samba.org Updated to add const to sec_access_check_ds()
instead of the sec_access_check_ds_implicit_owner() wrapper
found in 4.18 and later]

libcli/security/access_check.c
libcli/security/access_check.h

index 322f4fdb0c64d572d76b667c632e9421428e797b..6508b6f3fe32d350fdbdfa7cdcb5d3fc5e8d6b04 100644 (file)
@@ -394,7 +394,7 @@ NTSTATUS se_file_access_check(const struct security_descriptor *sd,
        return NT_STATUS_OK;
 }
 
-static const struct GUID *get_ace_object_type(struct security_ace *ace)
+static const struct GUID *get_ace_object_type(const struct security_ace *ace)
 {
        if (ace->object.object.flags & SEC_ACE_OBJECT_TYPE_PRESENT) {
                return &ace->object.object.type.type;
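Review bot: get_ace_object_type() reads `ace->object.object.flags` with no visible check that the ACE is an object ACE, and it has no comment stating that precondition. Because this helper feeds the directory-service access check, I would add a comment above it such as `/* ace must be an object ACE; ace->object is not meaningful for other ACE types */`. Presumably the existing callers test `ace->type` before calling, but that is not visible here, and the function body continues past the end of this hunk.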
@@ -412,7 +412,7 @@ static const struct GUID *get_ace_object_type(struct security_ace *ace)
  *                            rights to the object/attribute
  * @returns NT_STATUS_OK, unless access was denied
  */
-static NTSTATUS check_object_specific_access(struct security_ace *ace,
+static NTSTATUS check_object_specific_access(const struct security_ace *ace,
                                             struct object_tree *tree,
                                             bool *grant_access)
 {
@@ -505,7 +505,7 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd,
                             uint32_t access_desired,
                             uint32_t *access_granted,
                             struct object_tree *tree,
-                            struct dom_sid *replace_sid)
+                            const struct dom_sid *replace_sid)
 {
        uint32_t i;
        uint32_t bits_remaining;
@@ -556,8 +556,8 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd,
 
        /* check each ace in turn. */
        for (i=0; bits_remaining && i < sd->dacl->num_aces; i++) {
-               struct dom_sid *trustee;
-               struct security_ace *ace = &sd->dacl->aces[i];
+               const struct dom_sid *trustee;
+               const struct security_ace *ace = &sd->dacl->aces[i];
                NTSTATUS status;
                bool grant_access = false;
 
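Review bot: `const struct dom_sid *trustee;` in the ACE loop is still declared without an initializer, and the assignment that gives it a value lies outside this hunk. In access-check code an indeterminate SID pointer is worth ruling out by construction. Writing `const struct dom_sid *trustee = NULL;` costs nothing and turns any missed assignment on a later path into a deterministic failure rather than a comparison against whatever was on the stack. The loop body continues past the end of the hunk, so whether every path assigns it cannot be confirmed from here.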
index 952589dacb7794fbf8d934dcb8638d6177d3fce9..04ea2127b61203ea68ebdc1ea1846556c5f16641 100644 (file)
@@ -74,7 +74,7 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd,
                             uint32_t access_desired,
                             uint32_t *access_granted,
                             struct object_tree *tree,
-                            struct dom_sid *replace_sid);
+                            const struct dom_sid *replace_sid);
 
 bool insert_in_object_tree(TALLOC_CTX *mem_ctx,
                           const struct GUID *guid,