From: Volker Lendecke
Date: Thu, 12 Jan 2023 10:55:04 +0000 (+0100)
Subject: lib: Fix out-of-bounds access in print_ace_flags()
X-Git-Tag: talloc-2.4.0~20
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d278fe4a8478c1108b0f95daa99eb0a4e8fa787c;p=thirdparty%2Fsamba.git
lib: Fix out-of-bounds access in print_ace_flags()
Signed-off-by: Volker Lendecke
Reviewed-by: Ralph Boehme
---
diff --git a/source3/lib/util_sd.c b/source3/lib/util_sd.c
index 02e4648e207..23f37b7e734 100644
--- a/source3/lib/util_sd.c
+++ b/source3/lib/util_sd.c
@@ -240,6 +240,7 @@ bool StringToSid(struct cli_state *cli, struct dom_sid *sid, const char *str)
 static void print_ace_flags(FILE *f, uint8_t flags)
 {
 char *str = talloc_strdup(NULL, "");
+ size_t len;
 if (flags & SEC_ACE_FLAG_OBJECT_INHERIT) {
 talloc_asprintf_addbuf(&str, "OI|");
@@ -264,9 +265,9 @@ static void print_ace_flags(FILE *f, uint8_t flags)
 and SEC_ACE_FLAG_FAILED_ACCESS ( 0x80 ) as they're audit ace flags. */
- if (str[strlen(str)-1] == '|') {
- str[strlen(str)-1] = '\0';
- fprintf(f, "/%s/", str);
+ len = strlen(str);
+ if (len > 0) {
+ fprintf(f, "/%.*s/", (int)len-1, str);
 } else {
 fprintf(f, "/0x%x/", flags);
 }
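Review bot: In the second hunk, `len = strlen(str);` still dereferences `str` without a NULL check, and none is visible in either hunk. `talloc_strdup(NULL, "")` can fail, and `talloc_asprintf_addbuf()` leaves `*ps` NULL after a failed allocation, so under memory pressure this line would read through a null pointer. Writing it as `len = (str != NULL) ? strlen(str) : 0;` would send that case to the existing `/0x%x/` fallback. The new branch also no longer tests that the last byte is `'|'` before dropping it, so a short comment such as `/* every flag appended above ends in '|'; print without the trailing one */` would record that assumption. The middle of print_ace_flags() lies between the two hunks and its end is outside the diff, so confirm there that nothing else uses `str` before a check and that the final free tolerates NULL.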