CVE-2020-25722 Check for all errors from acl_check_extended_right() in acl_check_spn()

author Andrew Bartlett <abartlet@samba.org>

Mon, 1 Nov 2021 04:21:16 +0000 (17:21 +1300)

committer Jule Anger <janger@samba.org>

Tue, 9 Nov 2021 19:45:33 +0000 (19:45 +0000)
author Andrew Bartlett <abartlet@samba.org>
Mon, 1 Nov 2021 04:21:16 +0000 (17:21 +1300)
committer Jule Anger <janger@samba.org>
Tue, 9 Nov 2021 19:45:33 +0000 (19:45 +0000)
diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c

index 1e4764cdbd7c3d5e404ad2a8206df84b0993a020..21e83276bfd04673a6fdc456d2978973b6319647 100644 (file)
--- a/source4/dsdb/samdb/ldb_modules/acl.c
+++ b/source4/dsdb/samdb/ldb_modules/acl.c
@@ -715,7 +715,7 @@ static int acl_check_spn(TALLOC_CTX *mem_ctx,
                                        SEC_ADS_SELF_WRITE,
                                        sid);
  
-       if (ret == LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS) {
+       if (ret != LDB_SUCCESS) {
                 dsdb_acl_debug(sd, acl_user_token(module),
                                req->op.mod.message->dn,
                                true,
author	Andrew Bartlett <abartlet@samba.org>
	Mon, 1 Nov 2021 04:21:16 +0000 (17:21 +1300)
committer	Jule Anger <janger@samba.org>
	Tue, 9 Nov 2021 19:45:33 +0000 (19:45 +0000)