lib: Fix out-of-bounds access in print_ace_flags()

author Volker Lendecke <vl@samba.org>

Thu, 12 Jan 2023 10:55:04 +0000 (11:55 +0100)

committer Ralph Boehme <slow@samba.org>

Thu, 12 Jan 2023 15:38:30 +0000 (15:38 +0000)
author Volker Lendecke <vl@samba.org>
Thu, 12 Jan 2023 10:55:04 +0000 (11:55 +0100)
committer Ralph Boehme <slow@samba.org>
Thu, 12 Jan 2023 15:38:30 +0000 (15:38 +0000)
diff --git a/source3/lib/util_sd.c b/source3/lib/util_sd.c

index 02e4648e2075370e840727da37ac2b46ac4a8f02..23f37b7e7347315a2066ab39816ae23891a8cec0 100644 (file)
--- a/source3/lib/util_sd.c
+++ b/source3/lib/util_sd.c
@@ -240,6 +240,7 @@ bool StringToSid(struct cli_state *cli, struct dom_sid *sid, const char *str)
  static void print_ace_flags(FILE *f, uint8_t flags)
  {
         char *str = talloc_strdup(NULL, "");
+       size_t len;
  
         if (flags & SEC_ACE_FLAG_OBJECT_INHERIT) {
                 talloc_asprintf_addbuf(&str, "OI|");
@@ -264,9 +265,9 @@ static void print_ace_flags(FILE *f, uint8_t flags)
            and SEC_ACE_FLAG_FAILED_ACCESS ( 0x80 ) as they're
            audit ace flags. */
  
-       if (str[strlen(str)-1] == '|') {
-               str[strlen(str)-1] = '\0';
-               fprintf(f, "/%s/", str);
+       len = strlen(str);
+       if (len > 0) {
+               fprintf(f, "/%.*s/", (int)len-1, str);
         } else {
                 fprintf(f, "/0x%x/", flags);
         }
author	Volker Lendecke <vl@samba.org>
	Thu, 12 Jan 2023 10:55:04 +0000 (11:55 +0100)
committer	Ralph Boehme <slow@samba.org>
	Thu, 12 Jan 2023 15:38:30 +0000 (15:38 +0000)