libcli/security: avoid overflow in revision number

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/libcli/security/dom_sid.c b/libcli/security/dom_sid.c
index 7d6b11089cd728e69ba9ea8e36a2f65ff086848a..bcab0aec40760b2c4256784ff84022e88cf19741 100644 (file)
--- a/libcli/security/dom_sid.c
+++ b/libcli/security/dom_sid.c
@@ -149,7 +149,7 @@ bool dom_sid_parse_endp(const char *sidstr,struct dom_sid *sidout,
        }
 
        conv = smb_strtoul(p, &q, 10, &error, SMB_STR_STANDARD);
-       if (error != 0 || (*q != '-') || conv > UINT8_MAX) {
+       if (error != 0 || (*q != '-') || conv > UINT8_MAX || q - p > 4) {
                goto format_error;
        }
        sidout->sid_rev_num = (uint8_t) conv;

diff --git a/selftest/knownfail.d/sid-strings b/selftest/knownfail.d/sid-strings
index 6b3c5f66117aeb5d279a9be5edf4b230c0dc4efe..3859b8a50dd3f61b31c47c4c7d1d0ca968ee8357 100644 (file)
--- a/selftest/knownfail.d/sid-strings
+++ b/selftest/knownfail.d/sid-strings
@@ -50,21 +50,19 @@
 ^samba.tests.sid_strings.+.SidStringTests.test_sid_string_internal_aA.ad_dc
 ^samba.tests.sid_strings.+.SidStringTests.test_sid_string_internal_aa.ad_dc
 ^samba.tests.sid_strings.+.SidStringsAsDnInSearchBase.test_sid_string_S-0-5-32-579.ad_dc
-^samba.tests.sid_strings.+.SidStringsAsDnInSearchBase.test_sid_string_S-000000000001-5-20-243.ad_dc
-^samba.tests.sid_strings.+.SidStringsAsDnInSearchBase.test_sid_string_S-000000001-5-32-579.ad_dc
 ^samba.tests.sid_strings.+.SidStringsAsDnInSearchBase.test_sid_string_S-1-3-0.ad_dc
 ^samba.tests.sid_strings.+.SidStringsAsDnInSearchBase.test_sid_string_S-1-5-3.2-579.ad_dc
 ^samba.tests.sid_strings.+.SidStringsAsDnInSearchBase.test_sid_string_S-10-5-32-579.ad_dc
 ^samba.tests.sid_strings.+.SidStringsAsDnInSearchBase.test_sid_string_S-2-5-32-579.ad_dc
 ^samba.tests.sid_strings.+.SidStringsAsDnSearchWithDnObject.test_sid_string_S-0-5-32-579.ad_dc
-^samba.tests.sid_strings.+.SidStringsAsDnSearchWithDnObject.test_sid_string_S-000000000001-5-20-243.ad_dc
-^samba.tests.sid_strings.+.SidStringsAsDnSearchWithDnObject.test_sid_string_S-000000001-5-32-579.ad_dc
 ^samba.tests.sid_strings.+.SidStringsAsDnSearchWithDnObject.test_sid_string_S-1-0x05-32-579.ad_dc
 ^samba.tests.sid_strings.+.SidStringsAsDnSearchWithDnObject.test_sid_string_S-1-3-0.ad_dc
 ^samba.tests.sid_strings.+.SidStringsAsDnSearchWithDnObject.test_sid_string_S-1-5-3.2-579.ad_dc
 ^samba.tests.sid_strings.+.SidStringsAsDnSearchWithDnObject.test_sid_string_S-10-5-32-579.ad_dc
 ^samba.tests.sid_strings.+.SidStringsAsDnSearchWithDnObject.test_sid_string_S-2-5-32-579.ad_dc
 ^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_.S-1-1-1-1-1-1-1.ad_dc
+^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_S-000000000001-5-20-243.ad_dc
+^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_S-000000001-5-32-579.ad_dc
 ^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_S-1-0.ad_dc
 ^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_S-1-0x05-32-579.ad_dc
 ^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_S-1-0x5-0x20-0x243.ad_dc
@@ -79,6 +77,8 @@
 ^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_S-1-5-32-.579.ad_dc
 ^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_S-1-5-32.-579.ad_dc
 ^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_S-1-99999999999999999999999999999999999999-32-11111111111.ad_dc
+^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_internal_S-000000000001-5-20-243.ad_dc
+^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_internal_S-000000001-5-32-579.ad_dc
 ^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_internal_S-1-0.ad_dc
 ^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_internal_S-1-0x05-32-579.ad_dc
 ^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_internal_S-1-0x5-0x20-0x243.ad_dc