From: Douglas Bagnall Date: Sun, 31 Dec 2023 04:39:23 +0000 (+1300) Subject: ndr: ACE push avoids no-op coda pushes X-Git-Tag: tdb-1.4.11~1808 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ee1b8ae04b10306c059174a5b4b637b080fe23fd;p=thirdparty%2Fsamba.git ndr: ACE push avoids no-op coda pushes We don't expect an ordinary ACE to have a non-empty coda, and we don't really want to push it if it does, but for this patch we still will. This will not change the data on the wire. Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574 --- diff --git a/librpc/ndr/ndr_sec_helper.c b/librpc/ndr/ndr_sec_helper.c index b3de2f65f23..ae4006b2663 100644 --- a/librpc/ndr/ndr_sec_helper.c +++ b/librpc/ndr/ndr_sec_helper.c @@ -120,7 +120,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_security_ace(struct ndr_push *ndr, ndr_flags NDR_CHECK(ndr_push_set_switch_value(ndr, &r->object, sec_ace_object(r->type))); NDR_CHECK(ndr_push_security_ace_object_ctr(ndr, NDR_SCALARS, &r->object)); NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS, &r->trustee)); - { + if (sec_ace_has_extra_blob(r->type) || r->coda.ignored.length != 0) { struct ndr_push *_ndr_coda; NDR_CHECK(ndr_push_subcontext_start(ndr, &_ndr_coda, 0, ndr_subcontext_size_of_ace_coda(r, ndr_size_security_ace(r, ndr->flags), ndr->flags))); NDR_CHECK(ndr_push_set_switch_value(_ndr_coda, &r->coda, r->type));