libcli/security: conditional aces: don't allow U+0000 in unicode
authorAndrew Bartlett <abartlet@samba.org>
Tue, 7 Nov 2023 00:44:55 +0000 (13:44 +1300)
committerAndrew Bartlett <abartlet@samba.org>
Mon, 13 Nov 2023 02:30:23 +0000 (02:30 +0000)
Allowing this broke a round-trip decode-encode fuzz test. Credit to OSS-Fuzz.

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62742

(Comments are from an earlier commit by Douglas Bagnall <douglas.bagnall@catalyst.net.nz>)

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Nov 13 02:30:23 UTC 2023 on atb-devel-224

librpc/idl/conditional_ace.idl

index e36fe9b43a13328f5ba16ce3a34c9f07f5869906..5842c7dddcbd5296b691679d43b392b71fdb2f92 100644 (file)
@@ -276,7 +276,12 @@ interface conditional_ace
        } ace_condition_int;
 
        typedef [public] struct {
-               [flag(STR_SIZE4|STR_NOTERM|STR_BYTESIZE)] string value;
+               /*
+                * Zeroes are not allowed in the binary format (which
+                * is otherwise UTF-16), and if we did let them
+                * through we would end up with a truncated string.
+                */
+               [flag(STR_SIZE4|STR_NOTERM|STR_BYTESIZE|STR_NO_EMBEDDED_NUL)] string value;
        } ace_condition_unicode;
 
        typedef [public] struct {
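Review bot: The new comment on the `value` field states the wire-format rule but not the decode-side consequence the commit actually fixes: the description says a decode-encode round trip failed, and a C `string` holding a decoded value that contains U+0000 is cut at that code point when it is re-encoded. I would extend the comment so a reader of the IDL sees both halves, e.g. `* through we would end up with a truncated string once the value is held as a NUL-terminated C string, so the decode/encode round trip would not be stable.` I assume STR_NO_EMBEDDED_NUL makes the pull side reject such input rather than truncate it; if so, a closing line `* With STR_NO_EMBEDDED_NUL the pull side rejects such values instead.` would make the new behaviour explicit where the flag is set. The enclosing `interface conditional_ace` block starts outside the hunk.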