From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Wed, 13 Dec 2023 04:24:50 +0000 (+1300)
Subject: libcli/security: allow round-trip for conditional ACE hex integers
X-Git-Tag: talloc-2.4.2~332
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=66f341e5c3975c549b51a6ce4b82fbe02fb0a71d;p=thirdparty%2Fsamba.git

libcli/security: allow round-trip for conditional ACE hex integers

As with the previous commit, though not addressing the particular fuzz
case, zero hex numbers need to be explicitly written as "0x0", or the
round-trip will fail.

Credit to OSS-Fuzz.

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62929

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/libcli/security/sddl_conditional_ace.c b/libcli/security/sddl_conditional_ace.c
index 46dd1714ba5..3d87a2bfafb 100644
--- a/libcli/security/sddl_conditional_ace.c
+++ b/libcli/security/sddl_conditional_ace.c
@@ -639,7 +639,7 @@ static bool sddl_write_int(struct sddl_write_context *ctx,
 		} else if (base == CONDITIONAL_ACE_INT_BASE_10) {
 			snprintf(buf, sizeof(buf), "%"PRId64, v);
 		} else {
-			snprintf(buf, sizeof(buf), "%#"PRIx64, v);
+			snprintf(buf, sizeof(buf), "0x%"PRIx64, v);
 		}
 		return sddl_write(ctx, buf);
 	}
@@ -675,7 +675,7 @@ static bool sddl_write_int(struct sddl_write_context *ctx,
 	if (base == CONDITIONAL_ACE_INT_BASE_8) {
 		snprintf(buf + 1, sizeof(buf) - 1, "0%llo", llabs(v));
 	} else {
-		snprintf(buf + 1, sizeof(buf) - 1, "%#llx", llabs(v));
+		snprintf(buf + 1, sizeof(buf) - 1, "0x%llx", llabs(v));
 	}
 	return sddl_write(ctx, buf);
 }