From: Douglas Bagnall
Date: Fri, 22 Sep 2023 02:16:35 +0000 (+1200)
Subject: libcli/security: conditional ACE sddl doesn't have string escapes
X-Git-Tag: tevent-0.16.0~403
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=65674cde60ca21d2f451f5e68f6b7cb7d1e339a4;p=thirdparty%2Fsamba.git
libcli/security: conditional ACE sddl doesn't have string escapes
Signed-off-by: Douglas Bagnall
Reviewed-by: Andrew Bartlett
---
diff --git a/libcli/security/sddl_conditional_ace.c b/libcli/security/sddl_conditional_ace.c
index 1bd074eb428..4404c0d144c 100644
--- a/libcli/security/sddl_conditional_ace.c
+++ b/libcli/security/sddl_conditional_ace.c
@@ -839,12 +839,24 @@ static bool sddl_write_unicode(struct sddl_write_context *ctx,
 char *quoted = NULL;
 bool ok;
 /*
- * Apparently unicode strings have no mechanism for escapes, which is
- * nice at this point.
- *
 * We rely on tok->data.unicode.value being
 * nul-terminated.
 */
+ if (strchr(tok->data.unicode.value, '"') != NULL) {
+ /*
+ * There is a double quote in this string, but SDDL
+ * has no mechanism for escaping these (or anything
+ * else) in unicode strings.
+ *
+ * The only thing to do is fail.
+ *
+ * THis cannot happen with an ACE created from SDDL,
+ * because the same no-escapes rule applies on the way
+ * in.
+ */
+ return false;
+ }
+
 quoted = talloc_asprintf(ctx->mem_ctx, "\"%s\"",
 tok->data.unicode.value);
 if (quoted == NULL) {
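Review bot: The comment inside the new `strchr()` branch says when a double quote cannot occur but not when it can, which is the case this check exists for: a conditional ACE that did not come from SDDL (presumably one decoded from a binary security descriptor) may carry a `"` that would end the quoted string early and change how the emitted SDDL parses. I would say that in the comment, e.g. `* A string that did not come from SDDL can contain a quote; writing it out would change the meaning of the expression when the SDDL is parsed again.`, and fix the `THis` typo while there. The bare `return false` also looks the same to the caller as the `quoted == NULL` path just below (assuming that path also returns false), so a short debug message naming the reason would help whoever has to diagnose an ACE that cannot be written as SDDL. `strchr()` now depends on `tok->data.unicode.value` being non-NULL as well as nul-terminated; the function starts and ends outside the hunk, so confirm that is guaranteed before this point.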