From 6ccdbbdf2fe9ff24a60cacde96333e9872782bab Mon Sep 17 00:00:00 2001
From: Corinna Vinschen
Date: Sat, 26 Dec 2015 14:30:49 +0100
Subject: [PATCH 1/2] Fix checks for valid permissions in input
The acl_add_perm, acl_delete_perm and acl_get_perm functions accidentally check the input permission bits using a wrong negation operator, ! instead of ~. As a result, the test is always false and thus no invalid permission bits are refused. This patches fixes it.
Signed-off-by: Corinna Vinschen
---
 libacl/acl_add_perm.c | 2 +-
 libacl/acl_delete_perm.c | 2 +-
 libacl/acl_get_perm.c | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/libacl/acl_add_perm.c b/libacl/acl_add_perm.c
index 20818db..58ce7f5 100644
--- a/libacl/acl_add_perm.c
+++ b/libacl/acl_add_perm.c
@@ -27,7 +27,7 @@ int
 acl_add_perm(acl_permset_t permset_d, acl_perm_t perm)
 {
 acl_permset_obj *acl_permset_obj_p = ext2int(acl_permset, permset_d);
- if (!acl_permset_obj_p || (perm & !(ACL_READ|ACL_WRITE|ACL_EXECUTE)))
+ if (!acl_permset_obj_p || (perm & ~(ACL_READ|ACL_WRITE|ACL_EXECUTE)))
 return -1;
 acl_permset_obj_p->sperm |= perm;
 return 0;
diff --git a/libacl/acl_delete_perm.c b/libacl/acl_delete_perm.c
index 475ce26..0dcb36e 100644
--- a/libacl/acl_delete_perm.c
+++ b/libacl/acl_delete_perm.c
@@ -27,7 +27,7 @@ int
 acl_delete_perm(acl_permset_t permset_d, acl_perm_t perm)
 {
 acl_permset_obj *acl_permset_obj_p = ext2int(acl_permset, permset_d);
- if (!acl_permset_obj_p || (perm & !(ACL_READ|ACL_WRITE|ACL_EXECUTE)))
+ if (!acl_permset_obj_p || (perm & ~(ACL_READ|ACL_WRITE|ACL_EXECUTE)))
 return -1;
 acl_permset_obj_p->sperm &= ~perm;
 return 0;
diff --git a/libacl/acl_get_perm.c b/libacl/acl_get_perm.c
index be492b6..31357b2 100644
--- a/libacl/acl_get_perm.c
+++ b/libacl/acl_get_perm.c
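Review bot: The invalid-permission branch of `acl_add_perm`, which this change makes reachable for the first time, returns -1 without setting errno on any line visible in the hunk, so a caller cannot tell a bad `perm` from a bad `permset_d` (what `ext2int` reports for the latter is outside the hunk, as is the end of the function body). Consider testing the mask separately so the failure is explicit, e.g. `if (perm & ~(ACL_READ|ACL_WRITE|ACL_EXECUTE)) { errno = EINVAL; return -1; }`. The same applies to the acl_delete_perm and acl_get_perm hunks. Because the old `!` form silently accepted every value, a regression test that passes an out-of-range bit to each of the three functions and expects -1 would keep the check from regressing unnoticed.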
@@ -26,7 +26,7 @@ int
 acl_get_perm(acl_permset_t permset_d, acl_perm_t perm)
 {
 acl_permset_obj *acl_permset_obj_p = ext2int(acl_permset, permset_d);
- if (!acl_permset_obj_p || (perm & !(ACL_READ|ACL_WRITE|ACL_EXECUTE)))
+ if (!acl_permset_obj_p || (perm & ~(ACL_READ|ACL_WRITE|ACL_EXECUTE)))
 return -1;
 return (acl_permset_obj_p->sperm & perm) != 0;
 }
--
2.5.0
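Review bot: `return (acl_permset_obj_p->sperm & perm) != 0;` answers "is any of these bits set", not "are all of them set", and the corrected mask check still admits combined values such as `ACL_READ|ACL_WRITE` as well as 0. A caller that passes a combination and reads 1 as "all granted" would over-report access, so the contract deserves a comment above the return, for example `/* 1 if any bit in perm is set; test one permission per call */`. If all-of semantics are what callers expect, the comparison would be `== perm` instead; which is intended cannot be told from the hunk.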