From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Sat, 4 May 2024 01:32:39 +0000 (+1200)
Subject: ldb-samba: ldif_read_objectSid() short-circuits without 'S'
X-Git-Tag: tdb-1.4.11~810
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bf4af1a28a3580223fcc3a861c7fdd1b43f234d1;p=thirdparty%2Fsamba.git

ldb-samba: ldif_read_objectSid() short-circuits without 'S'

This avoids a memcpy, and level 3 debug verbosity from
dom_sid_parse_endp().

In other places we have something like `|| in->data[1] != '-'`, but
that is not useful here -- the value is either a string SID, or a
binary SID that starts with '\1', or some awful value that we *do*
want to get messages about.

This replaces the work of ldif_comparision_objectSid_isString().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10763

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/lib/ldb-samba/ldif_handlers.c b/lib/ldb-samba/ldif_handlers.c
index b803c4486d3..458811f2207 100644
--- a/lib/ldb-samba/ldif_handlers.c
+++ b/lib/ldb-samba/ldif_handlers.c
@@ -91,6 +91,12 @@ static int ldif_read_objectSid(struct ldb_context *ldb, void *mem_ctx,
 	struct dom_sid sid;
 	if (in->length > DOM_SID_STR_BUFLEN) {
 		return -1;
+	}
+	if (in->length < 5) { /* "S-1-x" */
+		return -1;
+	}
+	if (in->data[0] != 'S' && in->data[0] != 's') {
+		return -1;
 	} else {
 		char p[in->length+1];
 		memcpy(p, in->data, in->length);