From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Wed, 20 Dec 2023 00:40:15 +0000 (+1300)
Subject: libcli/security: sddl conditional ACE: write -0 when asked
X-Git-Tag: talloc-2.4.2~193
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=21853b01e65f8b79bdf478d4fe470dcb1639cc48;p=thirdparty%2Fsamba.git

libcli/security: sddl conditional ACE: write -0 when asked

Credit to OSS-Fuzz.

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65122

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/libcli/security/sddl_conditional_ace.c b/libcli/security/sddl_conditional_ace.c
index 75a80e758ad..e9d83b7f9c1 100644
--- a/libcli/security/sddl_conditional_ace.c
+++ b/libcli/security/sddl_conditional_ace.c
@@ -653,11 +653,16 @@ static bool sddl_write_int(struct sddl_write_context *ctx,
 	}
 	sign_char = (sign == CONDITIONAL_ACE_INT_SIGN_NEGATIVE) ? '-' : '+';
 	/*
-	 * We can use "%+ld" for the decimal sign, but "%+lx" and "%+lo" are
-	 * invalid because %o and %x are unsigned.
+	 * We can use "%+ld" for the decimal sign (except -0), but
+	 * "%+lx" and "%+lo" are invalid because %o and %x are
+	 * unsigned.
 	 */
 	if (base == CONDITIONAL_ACE_INT_BASE_10) {
-		snprintf(buf, sizeof(buf), "%+"PRId64, v);
+		if (v == 0) {
+			snprintf(buf, sizeof(buf), "%c0", sign_char);
+		} else {
+			snprintf(buf, sizeof(buf), "%+"PRId64, v);
+		}
 		return sddl_write(ctx, buf);
 	}
 
diff --git a/selftest/knownfail.d/sddl-conditional-ace b/selftest/knownfail.d/sddl-conditional-ace
deleted file mode 100644
index f253ee9b738..00000000000
--- a/selftest/knownfail.d/sddl-conditional-ace
+++ /dev/null
@@ -1 +0,0 @@
-samba.unittests.sddl_conditional_ace.test_round_trips