]> git.ipfire.org Git - thirdparty/samba.git/commitdiff
projects / thirdparty / samba.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f1c64ed)
CVE-2020-25722 Check for all errors from acl_check_extended_right() in acl_check_spn()
authorAndrew Bartlett <abartlet@samba.org>
Mon, 1 Nov 2021 04:21:16 +0000 (17:21 +1300)
committerJule Anger <janger@samba.org>
Mon, 8 Nov 2021 09:52:11 +0000 (10:52 +0100)
We should not fail open on error.

BUG:  https://bugzilla.samba.org/show_bug.cgi?id=14876
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
source4/dsdb/samdb/ldb_modules/acl.c patch | blob | blame | history

diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c
index d0b3da4d9e8a751aee7ec6683301b0d728497607..712724909e3fe1d520fedf5cd08870cad6cdeee2 100644 (file)
--- a/source4/dsdb/samdb/ldb_modules/acl.c
+++ b/source4/dsdb/samdb/ldb_modules/acl.c
@@ -712,7 +712,7 @@ static int acl_check_spn(TALLOC_CTX *mem_ctx,
                                       SEC_ADS_SELF_WRITE,
                                       sid);
 
-       if (ret == LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS) {
+       if (ret != LDB_SUCCESS) {
                dsdb_acl_debug(sd, acl_user_token(module),
                               req->op.mod.message->dn,
                               true,
Mirror of https://github.com/samba-team/samba.git