From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Thu, 16 Mar 2023 02:44:11 +0000 (+1300)
Subject: libcli/sec/sddl decode: don't ignore random junk.
X-Git-Tag: talloc-2.4.1~836
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=22fe657c8a2626816bdb458afe8dc2f094245822;p=thirdparty%2Fsamba.git

libcli/sec/sddl decode: don't ignore random junk.

previously a string could have anything in it, so long as every second
character was ':'.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/libcli/security/sddl.c b/libcli/security/sddl.c
index 508ac3e5666..3b2cdfae17a 100644
--- a/libcli/security/sddl.c
+++ b/libcli/security/sddl.c
@@ -524,6 +524,8 @@ struct security_descriptor *sddl_decode(TALLOC_CTX *mem_ctx, const char *sddl,
 			sd->group_sid = sddl_decode_sid(sd, &sddl, &state);
 			if (sd->group_sid == NULL) goto failed;
 			break;
+		default:
+			goto failed;
 		}
 	}
 
diff --git a/selftest/knownfail.d/sddl b/selftest/knownfail.d/sddl
new file mode 100644
index 00000000000..e69de29bb2d