Better workaround owner/group SIDs being NULL

* sec_acl.cc (set_posix_access): Replace previous patch. Return EINVAL if uid and/or guid is invalid and not backed by an actual Windows account. Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
2015-04-16 22:19:57 +02:00 · 2015-04-16 22:19:57 +02:00 · ea503bf4c9
parent de67909ac1
commit ea503bf4c9
2 changed files with 14 additions and 4 deletions
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@ -1,3 +1,9 @@
+2015-04-16  Corinna Vinschen  <corinna@vinschen.de>
+
+	* sec_acl.cc (set_posix_access): Replace previous patch.  Return
+	EINVAL if uid and/or guid is invalid and not backed by an actual
+	Windows account.
+
 2015-04-16  Corinna Vinschen  <corinna@vinschen.de>

 	* sec_acl.cc (set_posix_access): Workaround owner/group SIDs being NULL.
--- a/winsup/cygwin/sec_acl.cc
+++ b/winsup/cygwin/sec_acl.cc
@ -154,6 +154,11 @@ set_posix_access (mode_t attr, uid_t uid, gid_t gid,
  /* Fetch owner and group and set in security descriptor. */
  owner = sidfromuid (uid, &cldap);
  group = sidfromgid (gid, &cldap);
+  if (!owner || !group)
+    {
+      set_errno (EINVAL);
+      return NULL;
+    }
  status = RtlSetOwnerSecurityDescriptor (&sd, owner, FALSE);
  if (!NT_SUCCESS (status))
    {
@ -166,10 +171,9 @@ set_posix_access (mode_t attr, uid_t uid, gid_t gid,
      __seterrno_from_nt_status (status);
      return NULL;
    }
-  /* If the account DBs are broken, we might end up without SIDs.  Better
-     check them here. */
-  if (owner && group)
-    owner_eq_group = RtlEqualSid (owner, group);
+  owner_eq_group = RtlEqualSid (owner, group);
+
+

  /* No POSIX ACL?  Use attr to generate one from scratch. */
  if (!aclbufp)