From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Wed, 20 Dec 2023 00:37:29 +0000 (+1300)
Subject: libcli/security: tests for signed zeros in sddl condtional ACEs
X-Git-Tag: talloc-2.4.2~195
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=46f61570714fffe43f5328cd46e1d1848a4d5daa;p=thirdparty%2Fsamba.git

libcli/security: tests for signed zeros in sddl condtional ACEs

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65122

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/libcli/security/tests/test_sddl_conditional_ace.c b/libcli/security/tests/test_sddl_conditional_ace.c
index 3ea9e23b2b8..fc9281d92f4 100644
--- a/libcli/security/tests/test_sddl_conditional_ace.c
+++ b/libcli/security/tests/test_sddl_conditional_ace.c
@@ -587,6 +587,8 @@ static void test_round_trips(void **state)
 	 * which then parses again into the same conditional ACE.
 	 */
 	static const char *sddl[] = {
+		"(0>-0)",
+		"(0>+0)",
 		("(Member_of{SID(AA)})"),
 		("(a Contains @USER.b == @device.c)"),
 		("(a == @user.b == @resource.c)"),
diff --git a/selftest/knownfail.d/sddl-conditional-ace b/selftest/knownfail.d/sddl-conditional-ace
new file mode 100644
index 00000000000..f253ee9b738
--- /dev/null
+++ b/selftest/knownfail.d/sddl-conditional-ace
@@ -0,0 +1 @@
+samba.unittests.sddl_conditional_ace.test_round_trips