From: Stefan Metzmacher
Date: Thu, 16 Mar 2023 09:11:05 +0000 (+0100)
Subject: CVE-2023-4154 py_security: allow idx argument to descriptor.[s|d]acl_add()
X-Git-Tag: samba-4.17.12~18
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ebd421306e7b1ec37e7a477937d04a27de838cff;p=thirdparty%2Fsamba.git
CVE-2023-4154 py_security: allow idx argument to descriptor.[s|d]acl_add()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424
Signed-off-by: Stefan Metzmacher
Reviewed-by: Andrew Bartlett
Reviewed-by: Douglas Bagnall
(cherry picked from commit 9ea06aaf9f57e3c7094553d9ac40fb73057a9b74)
---
diff --git a/source4/librpc/ndr/py_security.c b/source4/librpc/ndr/py_security.c
index e61b994d7cb..4a8271a11db 100644
--- a/source4/librpc/ndr/py_security.c
+++ b/source4/librpc/ndr/py_security.c
@@ -175,12 +175,13 @@ static PyObject *py_descriptor_sacl_add(PyObject *self, PyObject *args)
 NTSTATUS status;
 struct security_ace *ace;
 PyObject *py_ace;
+ Py_ssize_t idx = -1;
- if (!PyArg_ParseTuple(args, "O", &py_ace))
+ if (!PyArg_ParseTuple(args, "O|n", &py_ace, &idx))
 return NULL;
 ace = pytalloc_get_ptr(py_ace);
- status = security_descriptor_sacl_add(desc, ace);
+ status = security_descriptor_sacl_insert(desc, ace, idx);
 PyErr_NTSTATUS_IS_ERR_RAISE(status);
 Py_RETURN_NONE;
 }
@@ -191,13 +192,14 @@ static PyObject *py_descriptor_dacl_add(PyObject *self, PyObject *args)
 NTSTATUS status;
 struct security_ace *ace;
 PyObject *py_ace;
+ Py_ssize_t idx = -1;
- if (!PyArg_ParseTuple(args, "O", &py_ace))
+ if (!PyArg_ParseTuple(args, "O|n", &py_ace, &idx))
 return NULL;
 ace = pytalloc_get_ptr(py_ace);
- status = security_descriptor_dacl_add(desc, ace);
+ status = security_descriptor_dacl_insert(desc, ace, idx);
 PyErr_NTSTATUS_IS_ERR_RAISE(status);
 Py_RETURN_NONE;
 }
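Review bot: In `py_descriptor_sacl_add` the rewritten parse line still takes `py_ace` with the untyped `O` format, and the result of `pytalloc_get_ptr(py_ace)` is handed to `security_descriptor_sacl_insert()` as a `struct security_ace *` without a type or NULL check; `py_descriptor_dacl_add` in the second hunk has the same pattern. This predates the commit, but since the line is being touched it could use the `"O!|n"` format with the ACE type object (`&ACE_TYPE_PLACEHOLDER`, the real name is not visible in this diff), so that a wrong object raises `TypeError` before any pointer is taken from it. `idx` is also forwarded as-is, so every negative value and any index past the end of the ACL depend on the `_insert` helpers, whose bodies are not part of this diff; it is worth confirming they bounds-check, and a comment such as `/* idx defaults to -1; range checking is left to security_descriptor_sacl_insert() */` above the call would record that. Both functions begin above their hunks.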