From: Joseph Sutton
Date: Wed, 2 Aug 2023 02:27:31 +0000 (+1200)
Subject: libcli/security: Fix integer overflow
X-Git-Tag: tevent-0.16.0~1164
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dbf53bf3d5e1cd154840b33f946a7a5c46a283af;p=thirdparty%2Fsamba.git
libcli/security: Fix integer overflow
On a typical machine where the size of ‘int’ is 32 bits or smaller, a sub-authority of 2147483649 would be ordered before a sub-authority of 1, even though it is greater.
Signed-off-by: Joseph Sutton
Reviewed-by: Andrew Bartlett
---
diff --git a/libcli/security/dom_sid.c b/libcli/security/dom_sid.c
index 9a91760ff62..4a726aae7b4 100644
--- a/libcli/security/dom_sid.c
+++ b/libcli/security/dom_sid.c
@@ -74,9 +74,14 @@ int dom_sid_compare(const struct dom_sid *sid1, const struct dom_sid *sid2)
 if (sid1->num_auths != sid2->num_auths)
 return sid1->num_auths - sid2->num_auths;
- for (i = sid1->num_auths-1; i >= 0; --i)
- if (sid1->sub_auths[i] != sid2->sub_auths[i])
- return sid1->sub_auths[i] - sid2->sub_auths[i];
+ for (i = sid1->num_auths-1; i >= 0; --i) {
+ if (sid1->sub_auths[i] < sid2->sub_auths[i]) {
+ return -1;
+ }
+ if (sid1->sub_auths[i] > sid2->sub_auths[i]) {
+ return 1;
+ }
+ }
 return dom_sid_compare_auth(sid1, sid2);
 }
@@ -114,9 +119,14 @@ int dom_sid_compare_domain(const struct dom_sid *sid1,
 n = MIN(sid1->num_auths, sid2->num_auths);
- for (i = n-1; i >= 0; --i)
- if (sid1->sub_auths[i] != sid2->sub_auths[i])
- return sid1->sub_auths[i] - sid2->sub_auths[i];
+ for (i = n-1; i >= 0; --i) {
+ if (sid1->sub_auths[i] < sid2->sub_auths[i]) {
+ return -1;
+ }
+ if (sid1->sub_auths[i] > sid2->sub_auths[i]) {
+ return 1;
+ }
+ }
 return dom_sid_compare_auth(sid1, sid2);
 }
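Review bot: Nothing in the new loop in dom_sid_compare() records why the sub-authorities are compared with `<` and `>` instead of being subtracted, so a later clean-up could quietly restore the overflow; the same applies to the identical loop in the dom_sid_compare_domain() hunk. I would add a comment above each loop such as `/* Compare, never subtract: the difference of two sub-authorities may not fit in an int and can invert the ordering. */`. The context line `return sid1->num_auths - sid2->num_auths;` keeps the subtraction form, which is only safe if num_auths is narrower than int; its declaration is outside the hunk, so that is worth confirming. Since an inconsistent comparator would presumably misorder SIDs for any caller that sorts or searches with it, a unit test using the 2147483649-versus-1 case from the commit message would pin the fix. Both function bodies start outside their hunks.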