CVE-2023-4154 libcli/security: add security_descriptor_[s|d]acl_insert() helpers

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit 2c02378029fff6636b8f19e45af78b265f2210ed)

diff --git a/libcli/security/security_descriptor.c b/libcli/security/security_descriptor.c
index 8657c79736420f8cc5116a98cb7b7bf73bb3e5c0..08f2cf19ee8ff1b72271e13a8d9d78a93e26d576 100644 (file)
--- a/libcli/security/security_descriptor.c
+++ b/libcli/security/security_descriptor.c
@@ -343,6 +343,20 @@ NTSTATUS security_descriptor_sacl_add(struct security_descriptor *sd,
        return security_descriptor_acl_add(sd, true, ace, -1);
 }
 
+/*
+  insert an ACE at a given index to the SACL of a security_descriptor
+
+  idx can be negative, which means it's related to the new size from the
+  end, so -1 means the ace is appended at the end.
+*/
+
+NTSTATUS security_descriptor_sacl_insert(struct security_descriptor *sd,
+                                        const struct security_ace *ace,
+                                        ssize_t idx)
+{
+       return security_descriptor_acl_add(sd, true, ace, idx);
+}
+
 /*
   add an ACE to the DACL of a security_descriptor
 */
@@ -353,6 +367,20 @@ NTSTATUS security_descriptor_dacl_add(struct security_descriptor *sd,
        return security_descriptor_acl_add(sd, false, ace, -1);
 }
 
+/*
+  insert an ACE at a given index to the DACL of a security_descriptor
+
+  idx can be negative, which means it's related to the new size from the
+  end, so -1 means the ace is appended at the end.
+*/
+
+NTSTATUS security_descriptor_dacl_insert(struct security_descriptor *sd,
+                                        const struct security_ace *ace,
+                                        ssize_t idx)
+{
+       return security_descriptor_acl_add(sd, false, ace, idx);
+}
+
 /*
   delete the ACE corresponding to the given trustee in an ACL of a
   security_descriptor

diff --git a/libcli/security/security_descriptor.h b/libcli/security/security_descriptor.h
index 46545321d15a2cd6c05df45bd4dcaeda99a72134..354bc17e9252f93e01dc66efbbcff0c4d570a855 100644 (file)
--- a/libcli/security/security_descriptor.h
+++ b/libcli/security/security_descriptor.h
@@ -33,8 +33,14 @@ NTSTATUS security_descriptor_for_client(TALLOC_CTX *mem_ctx,
                                        struct security_descriptor **_csd);
 NTSTATUS security_descriptor_sacl_add(struct security_descriptor *sd,
                                      const struct security_ace *ace);
+NTSTATUS security_descriptor_sacl_insert(struct security_descriptor *sd,
+                                        const struct security_ace *ace,
+                                        ssize_t idx);
 NTSTATUS security_descriptor_dacl_add(struct security_descriptor *sd,
                                      const struct security_ace *ace);
+NTSTATUS security_descriptor_dacl_insert(struct security_descriptor *sd,
+                                        const struct security_ace *ace,
+                                        ssize_t idx);
 NTSTATUS security_descriptor_dacl_del(struct security_descriptor *sd,
                                      const struct dom_sid *trustee);
 NTSTATUS security_descriptor_sacl_del(struct security_descriptor *sd,