util_sd: fix incorrect strings match

parse_ace() accepted strings like "ALLOWED123" as valid ACE
types because strncmp() compared only prefixes without
NULL terminators.

Switch to exact string comparison to ensure only valid
ACE type names are accepted.

Pair-Programmed-With: Dmitry Mikhalchenko <tascad@altlinux.org>
Signed-off-by: Daniil Sarafannikov <sarafannikovda@sgu.ru>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Wed Jun  3 08:26:04 UTC 2026 on atb-devel-224

diff --git a/source3/lib/util_sd.c b/source3/lib/util_sd.c
index 86e375cb0dd8f3a95157c6a7843dac80caa1116e..50c47c2ef8d53e68cf91b02ddf8a9dd6a756cdc2 100644 (file)
--- a/source3/lib/util_sd.c
+++ b/source3/lib/util_sd.c
@@ -432,9 +432,9 @@ bool parse_ace(struct cli_state *cli, struct security_ace *ace,
                return False;
        }
 
-       if (strncmp(tok, "ALLOWED", strlen("ALLOWED")) == 0) {
+       if (strcmp(tok, "ALLOWED") == 0) {
                atype = SEC_ACE_TYPE_ACCESS_ALLOWED;
-       } else if (strncmp(tok, "DENIED", strlen("DENIED")) == 0) {
+       } else if (strcmp(tok, "DENIED") == 0) {
                atype = SEC_ACE_TYPE_ACCESS_DENIED;
 
        } else if (strnequal(tok, "0x", 2)) {