libcli/security: conditional ACE sddl doesn't have string escapes
authorDouglas Bagnall <douglas.bagnall@catalyst.net.nz>
Fri, 22 Sep 2023 02:16:35 +0000 (14:16 +1200)
committerAndrew Bartlett <abartlet@samba.org>
Tue, 26 Sep 2023 23:45:36 +0000 (23:45 +0000)
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
libcli/security/sddl_conditional_ace.c

index 1bd074eb4283cc2b0e2144676be880510176d5ad..4404c0d144cd2282680f4f09f5db362d4fec841b 100644 (file)
@@ -839,12 +839,24 @@ static bool sddl_write_unicode(struct sddl_write_context *ctx,
        char *quoted = NULL;
        bool ok;
        /*
-        * Apparently unicode strings have no mechanism for escapes, which is
-        * nice at this point.
-        *
         * We rely on tok->data.unicode.value being
         * nul-terminated.
         */
+       if (strchr(tok->data.unicode.value, '"') != NULL) {
+               /*
+                * There is a double quote in this string, but SDDL
+                * has no mechanism for escaping these (or anything
+                * else) in unicode strings.
+                *
+                * The only thing to do is fail.
+                *
+                * THis cannot happen with an ACE created from SDDL,
+                * because the same no-escapes rule applies on the way
+                * in.
+                */
+               return false;
+       }
+
        quoted = talloc_asprintf(ctx->mem_ctx, "\"%s\"",
                                 tok->data.unicode.value);
        if (quoted == NULL) {
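Review bot: The new `strchr` guard in `sddl_write_unicode()` returns a bare `false`, which is presumably the same result as the `quoted == NULL` allocation failure just below, so a caller cannot tell a string that SDDL cannot represent from running out of memory; if the write context has somewhere to record a reason (not visible in this hunk), it should be set here. The comment would also be more useful if it said what the rejection protects against, e.g. `/* An embedded '"' would close the literal early and the remainder would be read back as expression syntax. */`, since that is why failing is safer than writing the string anyway. Both `strchr` and the `"%s"` format stop at the first NUL, so a value with an embedded NUL would be silently truncated rather than rejected; it is worth confirming that tokens built from a binary ACE cannot carry one. There is also a typo in the new comment, `THis` should be `This`. The function starts and ends outside the hunk, so the failure path after `talloc_asprintf` is not visible here.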