From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Thu, 9 Nov 2023 22:33:56 +0000 (+1300)
Subject: libcli/security:sddl_parse: add some top level error messages
X-Git-Tag: talloc-2.4.2~695
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2b4f97249f35a2c4e1f0ece052afff443f9f1b60;p=thirdparty%2Fsamba.git

libcli/security:sddl_parse: add some top level error messages

the way we parse things, we can't really distinguish between complete
nonsense and an ACL that seems to end early because of bad flags. That
is, "D:ZZ(A;;;;;WD)" looks the same as "ZZ" to the parser. But at least
we can point to the right place in the string.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/libcli/security/sddl.c b/libcli/security/sddl.c
index 80db182ff9c..898725bd4cd 100644
--- a/libcli/security/sddl.c
+++ b/libcli/security/sddl.c
@@ -916,8 +916,12 @@ struct security_descriptor *sddl_decode_err_msg(TALLOC_CTX *mem_ctx, const char
 	while (*sddl) {
 		uint32_t flags;
 		char c = sddl[0];
-		if (sddl[1] != ':') goto failed;
-
+		if (sddl[1] != ':') {
+			*msg = talloc_strdup(mem_ctx,
+					     "expected '[OGDS]:' section start "
+					     "(or the previous section ended prematurely)");
+			goto failed;
+		}
 		sddl += 2;
 		switch (c) {
 		case 'D':
@@ -945,6 +949,7 @@ struct security_descriptor *sddl_decode_err_msg(TALLOC_CTX *mem_ctx, const char
 			if (sd->group_sid == NULL) goto failed;
 			break;
 		default:
+			*msg = talloc_strdup(mem_ctx, "unexpected character (expected [OGDS])");
 			goto failed;
 		}
 	}