From 2c11aaa2aa9900f24f09c6903c3b9fdb79e38689 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jean-Pierre=20Andr=C3=A9?=
Date: Tue, 14 Jul 2015 08:37:01 +0200
Subject: [PATCH] Fixed the range of valid subauthority counts in a SID ntfs_valid_sid() required that the subauthority count be between 1 and 8 inclusively. However, Windows permits more than 8 subauthorities as well as 0 subauthorities: - The install.wim file for the latest Windows 10 build contains a file whose DACL contains a SID with 10 subauthorities. ntfs_set_ntfs_acl() was failing on this file. - The IsValidSid() function on Windows returns true for subauthority less than or equal to 15, including 0. There was actually already a another SID validation function that had the Windows-compatible behavior, so I merged the two together. Contributed by Eric Biggers
---
 include/ntfs-3g/security.h | 16 ----------------
 libntfs-3g/acls.c | 16 +++++++++-------
 libntfs-3g/security.c | 4 ++--
 3 files changed, 11 insertions(+), 25 deletions(-)
diff --git a/include/ntfs-3g/security.h b/include/ntfs-3g/security.h
index 8875c9c1..91671552 100644
--- a/include/ntfs-3g/security.h
+++ b/include/ntfs-3g/security.h
@@ -222,22 +222,6 @@ enum {
 extern BOOL ntfs_guid_is_zero(const GUID *guid);
 extern char *ntfs_guid_to_mbs(const GUID *guid, char *guid_str);
-/**
- * ntfs_sid_is_valid - determine if a SID is valid
- * @sid: SID for which to determine if it is valid
- *
- * Determine if the SID pointed to by @sid is valid.
- *
- * Return TRUE if it is valid and FALSE otherwise.
- */
-static __inline__ BOOL ntfs_sid_is_valid(const SID *sid)
-{
- if (!sid || sid->revision != SID_REVISION ||
- sid->sub_authority_count > SID_MAX_SUB_AUTHORITIES)
- return FALSE;
- return TRUE;
-}
-
 extern int ntfs_sid_to_mbs_size(const SID *sid);
 extern char *ntfs_sid_to_mbs(const SID *sid, char *sid_str, size_t sid_str_size);
diff --git a/libntfs-3g/acls.c b/libntfs-3g/acls.c
index 925bb96d..500d60f5 100644
--- a/libntfs-3g/acls.c
+++ b/libntfs-3g/acls.c
@@ -362,16 +362,18 @@ unsigned int ntfs_attr_size(const char *attr)
 return (attrsz);
 }
-/*
- * Do sanity checks on a SID read from storage
- * (just check revision and number of authorities)
+/**
+ * ntfs_valid_sid - determine if a SID is valid
+ * @sid: SID for which to determine if it is valid
+ *
+ * Determine if the SID pointed to by @sid is valid.
+ *
+ * Return TRUE if it is valid and FALSE otherwise.
 */
-
 BOOL ntfs_valid_sid(const SID *sid)
 {
- return ((sid->revision == SID_REVISION)
- && (sid->sub_authority_count >= 1)
- && (sid->sub_authority_count <= 8));
+ return sid && sid->revision == SID_REVISION &&
+ sid->sub_authority_count <= SID_MAX_SUB_AUTHORITIES;
 }
 /*
diff --git a/libntfs-3g/security.c b/libntfs-3g/security.c
index 3ac4790a..e00bcf95 100644
--- a/libntfs-3g/security.c
+++ b/libntfs-3g/security.c
@@ -224,7 +224,7 @@ int ntfs_sid_to_mbs_size(const SID *sid)
 {
 int size, i;
- if (!ntfs_sid_is_valid(sid)) {
+ if (!ntfs_valid_sid(sid)) {
 errno = EINVAL;
 return -1;
 }
@@ -298,7 +298,7 @@ char *ntfs_sid_to_mbs(const SID *sid, char *sid_str, size_t sid_str_size)
 * No need to check @sid if !@sid_str since ntfs_sid_to_mbs_size() will
 * check @sid, too. 8 is the minimum SID string size.
 */
- if (sid_str && (sid_str_size < 8 || !ntfs_sid_is_valid(sid))) {
+ if (sid_str && (sid_str_size < 8 || !ntfs_valid_sid(sid))) {
 errno = EINVAL;
 return NULL;
 }
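Review bot: In the libntfs-3g/acls.c hunk, the relaxed bounds in `ntfs_valid_sid()` (0 through `SID_MAX_SUB_AUTHORITIES` instead of 1 through 8) change the precondition every existing caller relied on, and the diff does not show those callers being re-checked. Code outside this hunk that copies a validated SID into storage sized for 8 subauthorities, or that reads the last subauthority as `sub_authority[sub_authority_count - 1]`, would now receive inputs it was previously shielded from. I cannot confirm from the diff whether such callers exist, so they should be audited before this lands. The function also checks only the header fields, not that the full `8 + 4 * sub_authority_count` bytes lie inside the buffer the SID was read from, which matters for SIDs taken from on-disk security descriptors. I would state that in the new kernel-doc, e.g. `* Only the revision and subauthority count are checked; the caller must verify that the whole SID fits in its buffer.`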