From: Douglas Bagnall Date: Wed, 22 Nov 2023 00:23:26 +0000 (+1300) Subject: libcli/security: sddl_conditional_ace: add parse_uint for RA aces X-Git-Tag: talloc-2.4.2~552 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=800f770e1112082067da975fe14db83b6ef437b4;p=thirdparty%2Fsamba.git libcli/security: sddl_conditional_ace: add parse_uint for RA aces Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett --- diff --git a/libcli/security/sddl_conditional_ace.c b/libcli/security/sddl_conditional_ace.c index bfc3b41b875..61de1701995 100644 --- a/libcli/security/sddl_conditional_ace.c +++ b/libcli/security/sddl_conditional_ace.c @@ -2085,6 +2085,31 @@ static bool parse_int(struct ace_condition_sddl_compiler_context *comp) } +static bool parse_uint(struct ace_condition_sddl_compiler_context *comp) +{ + struct ace_condition_token *tok = NULL; + bool ok = parse_int(comp); + if (ok == false) { + return false; + } + /* + * check that the token's value is positive. + */ + if (comp->target_len == 0) { + return false; + } + tok = &comp->target[*comp->target_len - 1]; + if (tok->type != CONDITIONAL_ACE_TOKEN_INT64) { + return false; + } + if (tok->data.int64.value < 0) { + comp_error(comp, "invalid resource ACE value for unsigned TU claim"); + return false; + } + return true; +} + + static bool could_be_an_int(struct ace_condition_sddl_compiler_context *comp) { const char *start = (const char*)(comp->sddl + comp->offset); @@ -2992,6 +3017,8 @@ static bool parse_resource_attr_list( ok = parse_unicode(comp); break; case 'U': + ok = parse_uint(comp); + break; case 'B': case 'I': ok = parse_int(comp);