setcifsacl: clean up sizing of cifs_sid

The max number of subauthorities on windows and in winbind is generally
15, not 5. If winbind sends more than 5, then this code may end up
overrunning the buffer. Also, define some preprocessor constants and
use those instead of hardcoding '5' and '6' all over the place.

Signed-off-by: Jeff Layton <jlayton@samba.org>

diff --git a/cifsacl.h b/cifsacl.h
index 101881b7e2534000cc01e36cc1aaa27084a0550d..f9fdc8fb4b81cf6aa07fcba7c8730aa29bed6693 100644 (file)
--- a/cifsacl.h
+++ b/cifsacl.h
@@ -96,6 +96,9 @@
 #define COMPMASK 0x8
 #define COMPALL 0xf /* COMPSID | COMPTYPE | COMPFLAG | COMPMASK */
 
+#define NUM_AUTHS (6)   /* number of authority fields */
+#define SID_MAX_SUB_AUTHORITIES (15) /* max number of sub authority fields */
+
 enum ace_action {
        acedelete = 0,
        acemodify,
@@ -115,8 +118,8 @@ struct cifs_ntsd {
 struct cifs_sid {
        uint8_t revision; /* revision level */
        uint8_t num_subauth;
-       uint8_t authority[6];
-       uint32_t sub_auth[5]; /* sub_auth[num_subauth] */
+       uint8_t authority[NUM_AUTHS];
+       uint32_t sub_auth[SID_MAX_SUB_AUTHORITIES];
 } __attribute__((packed));
 
 struct cifs_ctrl_acl {

diff --git a/setcifsacl.c b/setcifsacl.c
index 29b7b93bdff0bfc0c37ace406f3febb6c6fd5f4c..23ab5b10e563775ccf3ad3ac22a37b03c2b30309 100644 (file)
--- a/setcifsacl.c
+++ b/setcifsacl.c
@@ -76,9 +76,9 @@ copy_sec_desc(const struct cifs_ntsd *pntsd, struct cifs_ntsd *pnntsd,
 
        nowner_sid_ptr->revision = owner_sid_ptr->revision;
        nowner_sid_ptr->num_subauth = owner_sid_ptr->num_subauth;
-       for (i = 0; i < 6; i++)
+       for (i = 0; i < NUM_AUTHS; i++)
                nowner_sid_ptr->authority[i] = owner_sid_ptr->authority[i];
-       for (i = 0; i < 5; i++)
+       for (i = 0; i < SID_MAX_SUB_AUTHORITIES; i++)
                nowner_sid_ptr->sub_auth[i] = owner_sid_ptr->sub_auth[i];
 
        /* copy group sid */
@@ -87,9 +87,9 @@ copy_sec_desc(const struct cifs_ntsd *pntsd, struct cifs_ntsd *pnntsd,
 
        ngroup_sid_ptr->revision = group_sid_ptr->revision;
        ngroup_sid_ptr->num_subauth = group_sid_ptr->num_subauth;
-       for (i = 0; i < 6; i++)
+       for (i = 0; i < NUM_AUTHS; i++)
                ngroup_sid_ptr->authority[i] = group_sid_ptr->authority[i];
-       for (i = 0; i < 5; i++)
+       for (i = 0; i < SID_MAX_SUB_AUTHORITIES; i++)
                ngroup_sid_ptr->sub_auth[i] = group_sid_ptr->sub_auth[i];
 
        return;
@@ -106,7 +106,7 @@ copy_ace(struct cifs_ace *dace, struct cifs_ace *sace)
 
        dace->sid.revision = sace->sid.revision;
        dace->sid.num_subauth = sace->sid.num_subauth;
-       for (i = 0; i < 6; i++)
+       for (i = 0; i < NUM_AUTHS; i++)
                dace->sid.authority[i] = sace->sid.authority[i];
        for (i = 0; i < sace->sid.num_subauth; i++)
                dace->sid.sub_auth[i] = sace->sid.sub_auth[i];
@@ -126,7 +126,7 @@ compare_aces(struct cifs_ace *sace, struct cifs_ace *dace, int compflags)
                        return 0;
                if (dace->sid.num_subauth != sace->sid.num_subauth)
                        return 0;
-               for (i = 0; i < 6; i++) {
+               for (i = 0; i < NUM_AUTHS; i++) {
                        if (dace->sid.authority[i] != sace->sid.authority[i])
                                return 0;
                }