From 29bb93d03a48c789e71a434eea65f286bd0029bd Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 7 Nov 2023 13:44:55 +1300 Subject: [PATCH] libcli/security: conditional aces: don't allow U+0000 in unicode Allowing this broke a round-trip decode-encode fuzz test. Credit to OSS-Fuzz. REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62742 (Comments are from an earlier commit by Douglas Bagnall ) Signed-off-by: Andrew Bartlett Reviewed-by: Reviewed-by: Joseph Sutton Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Mon Nov 13 02:30:23 UTC 2023 on atb-devel-224 --- librpc/idl/conditional_ace.idl | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/librpc/idl/conditional_ace.idl b/librpc/idl/conditional_ace.idl index e36fe9b43a1..5842c7dddcb 100644 --- a/librpc/idl/conditional_ace.idl +++ b/librpc/idl/conditional_ace.idl @@ -276,7 +276,12 @@ interface conditional_ace } ace_condition_int; typedef [public] struct { - [flag(STR_SIZE4|STR_NOTERM|STR_BYTESIZE)] string value; + /* + * Zeroes are not allowed in the binary format (which + * is otherwise UTF-16), and if we did let them + * through we would end up with a truncated string. + */ + [flag(STR_SIZE4|STR_NOTERM|STR_BYTESIZE|STR_NO_EMBEDDED_NUL)] string value; } ace_condition_unicode; typedef [public] struct { -- 2.47.3
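Review bot: The new comment on the `value` field justifies the flag with a claim about the binary format ("zeroes are not allowed"), but the concrete hazard visible in this hunk is the representation mismatch: the wire value is length-prefixed (`STR_SIZE4|STR_BYTESIZE`) while the pulled value is a NUL-terminated string, so an embedded U+0000 leaves a decoded string shorter than the byte count that was consumed, and pushing it back yields a different length than was read, which is the decode-encode asymmetry the fuzzer reported. I would state that directly rather than rest on a spec claim that cannot be checked from the hunk, e.g. `/* The wire value is length-prefixed UTF-16 but is held as a NUL-terminated string; reject embedded U+0000 so the pulled and pushed lengths agree. */`. Presumably the same type can also be produced from SDDL text (not visible here); if so, that path needs an equivalent rejection or the asymmetry reappears on the encode side, and two parsers of the same ACE could disagree about the literal being compared. The `ace_condition_unicode` struct is complete within the hunk, but the enclosing `interface conditional_ace` extends outside it.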