diff options
| -rw-r--r-- | winsup/cygwin/ChangeLog | 5 | ||||
| -rw-r--r-- | winsup/cygwin/release/1.7.35 | 5 | ||||
| -rw-r--r-- | winsup/cygwin/sec_acl.cc | 9 |
3 files changed, 16 insertions, 3 deletions
diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog index e3969cc2f..34c8e0992 100644 --- a/winsup/cygwin/ChangeLog +++ b/winsup/cygwin/ChangeLog @@ -1,5 +1,10 @@ 2015-02-12 Corinna Vinschen <corinna@vinschen.de> + * sec_acl.cc (setacl): Introduce bool array "invalid" to note the + invalidation of incoming acl entries while iterating over them. + +2015-02-12 Corinna Vinschen <corinna@vinschen.de> + * cygheap.h (cygheap_pwdgrp::get_home): Add dnsdomain parameter to declaration in ldap-related method. (cygheap_pwdgrp::get_shell): Ditto. diff --git a/winsup/cygwin/release/1.7.35 b/winsup/cygwin/release/1.7.35 index f364145be..0726a2a8a 100644 --- a/winsup/cygwin/release/1.7.35 +++ b/winsup/cygwin/release/1.7.35 @@ -13,3 +13,8 @@ Bug Fixes - Fix /proc/cpuinfo multicore info on Intel CPUs. Addresses: https://cygwin.com/ml/cygwin-apps/2015-02/msg00077.html + +- Regression in 1.7.34: acl(SETACL, ...) overwrote the incoming acltent_t + array for bookkeeping purposes while iterating over its entries. This + broke reusing the acl in the calling application (e.g. setfacl). + Addresses: https://cygwin.com/ml/cygwin/2015-02/msg00304.html diff --git a/winsup/cygwin/sec_acl.cc b/winsup/cygwin/sec_acl.cc index 51f1c9964..94bd90cf7 100644 --- a/winsup/cygwin/sec_acl.cc +++ b/winsup/cygwin/sec_acl.cc @@ -125,6 +125,9 @@ setacl (HANDLE handle, path_conv &pc, int nentries, aclent_t *aclbufp, writable = false; + bool *invalid = (bool *) tp.c_get (); + memset (invalid, 0, nentries * sizeof *invalid); + /* Pre-compute owner, group, and other permissions to allow creating matching deny ACEs as in alloc_sd. */ DWORD owner_allow = 0, group_allow = 0, other_allow = 0; @@ -163,7 +166,7 @@ setacl (HANDLE handle, path_conv &pc, int nentries, aclent_t *aclbufp, && (aclbufp[i].a_type == USER_OBJ || !(null_mask & FILE_READ_DATA))) *allow |= FILE_DELETE_CHILD; - aclbufp[i].a_type = 0; + invalid[i] = true; } bool isownergroup = (owner_sid == group_sid); DWORD owner_deny = ~owner_allow & (group_allow | other_allow); @@ -210,7 +213,7 @@ setacl (HANDLE handle, path_conv &pc, int nentries, aclent_t *aclbufp, { DWORD allow; /* Skip invalidated entries. */ - if (!aclbufp[i].a_type) + if (invalid[i]) continue; allow = STANDARD_RIGHTS_READ @@ -249,7 +252,7 @@ setacl (HANDLE handle, path_conv &pc, int nentries, aclent_t *aclbufp, { inheritance = CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE; /* invalidate the corresponding default entry. */ - aclbufp[i + 1 + pos].a_type = 0; + invalid[i + 1 + pos] = true; } switch (aclbufp[i].a_type) { |