From e38d2dd2f79cbcad4fc35b5a9963f15a7e6087cb Mon Sep 17 00:00:00 2001
From: Ralph Boehme
Date: Mon, 23 Jan 2017 16:19:06 +0100
Subject: [PATCH] s3/smbd: check for invalid access_mask smbd_calculate_access_mask()

This makes us pass "base.createx_access".
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12536
Signed-off-by: Ralph Boehme
Reviewed-by: Jeremy Allison
(cherry picked from commit 326765923f1d384e5cd8b7fda048b459c67a4bf5)
---
 selftest/knownfail | 1 -
 source3/smbd/open.c | 6 ++++++
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/selftest/knownfail b/selftest/knownfail
index 48d17bb22ec..778cb339a0f 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -56,7 +56,6 @@
 ^samba3.raw.acls nfs4acl_xattr-special.inherit_creator_group\(nt4_dc\)
 ^samba3.base.delete.deltest16a
 ^samba3.base.delete.deltest17a
-^samba3.base.createx_access.createx_access\(ad_dc\)
 ^samba3.unix.whoami anonymous connection.whoami\(ad_dc\) # We need to resolve if we should be including SID_NT_WORLD and SID_NT_NETWORK in this token
 ^samba3.unix.whoami anonymous connection.whoami\(ad_member\) # smbd maps anonymous logins to domain guest in the local domain, not SID_NT_ANONYMOUS # these show that we still have some differences between our system
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index ced3bb0afaa..0184a00063a 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -2255,6 +2255,12 @@ NTSTATUS smbd_calculate_access_mask(connection_struct *conn,
 uint32_t orig_access_mask = access_mask;
 uint32_t rejected_share_access;
+ if (access_mask & SEC_MASK_INVALID) {
+ DBG_DEBUG("access_mask [%8x] contains invalid bits\n",
+ access_mask);
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
 /*
 * Convert GENERIC bits to specific bits.
 */
--
2.47.2
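Review bot: The early return added at the top of smbd_calculate_access_mask() has no comment explaining why a mask carrying SEC_MASK_INVALID bits is answered with NT_STATUS_ACCESS_DENIED rather than an invalid-parameter status, and that choice is the part a later maintainer is most likely to "correct". I would put `/* Refuse reserved access_mask bits before the GENERIC bits are converted; base.createx_access expects ACCESS_DENIED here. */` above the `if`. The debug line prints the client-supplied value with `%8x`, which pads with spaces; `[0x%08x]` is easier to read and to grep for in logs. The function body continues outside the hunk, so it cannot be confirmed from here that every open path reaches this check before the mask is used.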