From 60c318fc66b8c0fa790359a5428c9c135e99591c Mon Sep 17 00:00:00 2001
From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Thu, 4 Apr 2024 13:43:47 +1300
Subject: [PATCH] libcli/security: use NUMERIC_CMP in dom_sid_compare()

sid->num_auths is always small (int8 < 16), so this is cosmetic only.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(backported from commit cb94202c1cf990e871ee2e8e43c577a0e4b9ee6f)
[dbagnall@samba.org: file changed in master]
---
 libcli/security/dom_sid.c | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/libcli/security/dom_sid.c b/libcli/security/dom_sid.c
index 9a91760ff62..38f98f9f906 100644
--- a/libcli/security/dom_sid.c
+++ b/libcli/security/dom_sid.c
@@ -28,6 +28,7 @@
 #include "librpc/gen_ndr/security.h"
 #include "dom_sid.h"
 #include "lib/util/smb_strtox.h"
+#include "lib/util/tsort.h"
 
 /*****************************************************************
  Compare the auth portion of two sids.
@@ -71,12 +72,17 @@ int dom_sid_compare(const struct dom_sid *sid1, const struct dom_sid *sid2)
 		return 1;
 
 	/* Compare most likely different rids, first: i.e start at end */
-	if (sid1->num_auths != sid2->num_auths)
-		return sid1->num_auths - sid2->num_auths;
-
-	for (i = sid1->num_auths-1; i >= 0; --i)
-		if (sid1->sub_auths[i] != sid2->sub_auths[i])
-			return sid1->sub_auths[i] - sid2->sub_auths[i];
+	if (sid1->num_auths != sid2->num_auths) {
+		return NUMERIC_CMP(sid1->num_auths, sid2->num_auths);
+	}
+	for (i = sid1->num_auths-1; i >= 0; --i) {
+		if (sid1->sub_auths[i] < sid2->sub_auths[i]) {
+			return -1;
+		}
+		if (sid1->sub_auths[i] > sid2->sub_auths[i]) {
+			return 1;
+		}
+	}
 
 	return dom_sid_compare_auth(sid1, sid2);
 }
-- 
2.47.2