libcli/security: don't allow conditional ACE SIDs to have trailing bytes
authorDouglas Bagnall <douglas.bagnall@catalyst.net.nz>
Wed, 13 Dec 2023 02:39:33 +0000 (15:39 +1300)
committerAndrew Bartlett <abartlet@samba.org>
Thu, 14 Dec 2023 03:31:37 +0000 (03:31 +0000)
They should be tightly packed, allowing conditional ACEs to
round-trip.

Credit to OSS-Fuzz.

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64197

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
libcli/security/conditional_ace.c

index 1876b52c141380a2dd00b513ba6e568285852098..158c8ecf82e400b34e28a3edc53da521be203ee1 100644 (file)
@@ -254,6 +254,8 @@ static ssize_t pull_sid(TALLOC_CTX *mem_ctx,
        if (ndr == NULL) {
                return -1;
        }
+       ndr->flags |= LIBNDR_FLAG_SUBCONTEXT_NO_UNREAD_BYTES;
+
        ndr_err = ndr_pull_ace_condition_sid(ndr, NDR_SCALARS|NDR_BUFFERS, tok);
        if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
                TALLOC_FREE(ndr);
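Review bot: The added line `ndr->flags |= LIBNDR_FLAG_SUBCONTEXT_NO_UNREAD_BYTES;` has no comment, and nothing at the call site explains why a SID pull needs a stricter parser mode than the default. I would put `/* the SID must fill its subcontext exactly: trailing bytes would be dropped on re-push, so the ACE would not round-trip */` directly above it. The flag name suggests it only takes effect if `ace_condition_sid` is marshalled inside a subcontext; that definition is not visible in this hunk, so the dependency is worth confirming and mentioning in the comment, otherwise a later IDL change could silently turn the check off. A regression case that feeds `pull_sid` a SID token whose declared length exceeds the SID's own encoding and expects `-1` would pin the behaviour. The body of `pull_sid` starts before and continues after this hunk.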