From: Andrew Bartlett Date: Tue, 7 Nov 2023 00:44:55 +0000 (+1300) Subject: libcli/security: conditional aces: don't allow U+0000 in unicode X-Git-Tag: talloc-2.4.2~779 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=29bb93d03a48c789e71a434eea65f286bd0029bd;p=thirdparty%2Fsamba.git libcli/security: conditional aces: don't allow U+0000 in unicode Allowing this broke a round-trip decode-encode fuzz test. Credit to OSS-Fuzz. REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62742 (Comments are from an earlier commit by Douglas Bagnall ) Signed-off-by: Andrew Bartlett Reviewed-by: Reviewed-by: Joseph Sutton Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Mon Nov 13 02:30:23 UTC 2023 on atb-devel-224
---
diff --git a/librpc/idl/conditional_ace.idl b/librpc/idl/conditional_ace.idl
index e36fe9b43a1..5842c7dddcb 100644
--- a/librpc/idl/conditional_ace.idl
+++ b/librpc/idl/conditional_ace.idl
@@ -276,7 +276,12 @@ interface conditional_ace
 	} ace_condition_int;
 
 	typedef [public] struct {
-		[flag(STR_SIZE4|STR_NOTERM|STR_BYTESIZE)] string value;
+		/*
+		 * Zeroes are not allowed in the binary format (which
+		 * is otherwise UTF-16), and if we did let them
+		 * through we would end up with a truncated string.
+		 */
+		[flag(STR_SIZE4|STR_NOTERM|STR_BYTESIZE|STR_NO_EMBEDDED_NUL)] string value;
 	} ace_condition_unicode;
 
 	typedef [public] struct {
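Review bot: The new comment on the `value` field of `ace_condition_unicode` says why U+0000 is unwanted but not what the added `STR_NO_EMBEDDED_NUL` flag actually does, which is the security-relevant part: the pull should now fail on an embedded NUL rather than silently truncating, so a conditional ACE carrying one is rejected as a whole instead of being evaluated against a shortened literal (the in-memory `string` is presumably a NUL-terminated `char *`, which is why truncation was the failure mode). I would state that outcome explicitly, e.g. add `* STR_NO_EMBEDDED_NUL makes the NDR pull fail on U+0000 instead` / `* of truncating the value at it (it is held as a C string).` It is worth confirming that the SDDL text-to-binary path for unicode literals, which is outside this hunk, is symmetric and also refuses `\0`, so that parsing and printing agree and the round-trip fuzzer stays consistent in both directions. Note this turns a previously accepted (if mangled) ACE into a hard parse failure for the whole descriptor; that is the right direction for an access-control blob, but it is a behaviour change callers of the security-descriptor parser should be aware of.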