summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2013-01-03 20:39:23 +1100
committerStefan Metzmacher <metze@samba.org>2013-01-15 12:14:25 +0100
commitb26668c606057fb30b20efd912284c3e79d547ff (patch)
treec635d749e62288c5e8e1f84eb4f05c474a2af682
parent8f8ca589d2aa7f9deaae6a05cb5ab73da95372bf (diff)
downloadsamba-b26668c606057fb30b20efd912284c3e79d547ff.tar.gz
samba-b26668c606057fb30b20efd912284c3e79d547ff.tar.bz2
samba-b26668c606057fb30b20efd912284c3e79d547ff.zip
libcli/security: Ensure to fill in remaining_access for the initial case (bug #9554 - CVE-2013-0172)
It is critically important that we initialise this element as otherwise all access is permitted. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit a75805490d96a85786287f5d0522dd7671d6816e)
-rw-r--r--libcli/security/object_tree.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/libcli/security/object_tree.c b/libcli/security/object_tree.c
index 6809c8e345..dcbd310bae 100644
--- a/libcli/security/object_tree.c
+++ b/libcli/security/object_tree.c
@@ -53,6 +53,7 @@ bool insert_in_object_tree(TALLOC_CTX *mem_ctx,
return false;
}
(*root)->guid = *guid;
+ (*root)->remaining_access = init_access;
*new_node = *root;
return true;
}