libcli/security: Fix integer overflow

On a typical machine where the size of ‘int’ is 32 bits or smaller, a
sub-authority of 2147483649 would be ordered before a sub-authority of
1, even though it is greater.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/libcli/security/dom_sid.c b/libcli/security/dom_sid.c
index 9a91760ff6246d20f14a34da29b17ec3d7189357..4a726aae7b4c94175e47adecb8606bb42d2f623e 100644 (file)
--- a/libcli/security/dom_sid.c
+++ b/libcli/security/dom_sid.c
@@ -74,9 +74,14 @@ int dom_sid_compare(const struct dom_sid *sid1, const struct dom_sid *sid2)
        if (sid1->num_auths != sid2->num_auths)
                return sid1->num_auths - sid2->num_auths;
 
-       for (i = sid1->num_auths-1; i >= 0; --i)
-               if (sid1->sub_auths[i] != sid2->sub_auths[i])
-                       return sid1->sub_auths[i] - sid2->sub_auths[i];
+       for (i = sid1->num_auths-1; i >= 0; --i) {
+               if (sid1->sub_auths[i] < sid2->sub_auths[i]) {
+                       return -1;
+               }
+               if (sid1->sub_auths[i] > sid2->sub_auths[i]) {
+                       return 1;
+               }
+       }
 
        return dom_sid_compare_auth(sid1, sid2);
 }
@@ -114,9 +119,14 @@ int dom_sid_compare_domain(const struct dom_sid *sid1,
 
        n = MIN(sid1->num_auths, sid2->num_auths);
 
-       for (i = n-1; i >= 0; --i)
-               if (sid1->sub_auths[i] != sid2->sub_auths[i])
-                       return sid1->sub_auths[i] - sid2->sub_auths[i];
+       for (i = n-1; i >= 0; --i) {
+               if (sid1->sub_auths[i] < sid2->sub_auths[i]) {
+                       return -1;
+               }
+               if (sid1->sub_auths[i] > sid2->sub_auths[i]) {
+                       return 1;
+               }
+       }
 
        return dom_sid_compare_auth(sid1, sid2);
 }