smbd: protect check_smb2_posix_chmod_ace against invalid trustees

Found because I got this wrong in new code coming soon

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

diff --git a/source3/smbd/smb2_nttrans.c b/source3/smbd/smb2_nttrans.c
index 44aab9af34b5f1c6418567140855951b87503df2..f61848334ba6ce5f52bd0cb7bf3adedc54b81402 100644 (file)
--- a/source3/smbd/smb2_nttrans.c
+++ b/source3/smbd/smb2_nttrans.c
@@ -204,6 +204,10 @@ static bool check_smb2_posix_chmod_ace(const struct files_struct *fsp,
                return false;
        }
 
+       if (psd->dacl->aces[0].trustee.num_auths != 3) {
+               return false;
+       }
+
        cmp = dom_sid_compare_domain(&global_sid_Unix_NFS_Mode,
                                     &psd->dacl->aces[0].trustee);
        if (cmp != 0) {