diff options
| author | Douglas Bagnall <douglas.bagnall@catalyst.net.nz> | 2023-04-12 11:39:25 +1200 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2023-04-28 02:15:36 +0000 |
| commit | 67ff4ca200e69a112afa3a25362da707e00732e6 (patch) | |
| tree | 42d50a104292575a9d353463c04e58920d927a8b | |
| parent | b3cff5636bcf9fee23207dce5a34569912f4b1cb (diff) | |
| download | samba-67ff4ca200e69a112afa3a25362da707e00732e6.tar.gz | |
libcli/security: avoid overflow in subauths
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
| -rw-r--r-- | libcli/security/dom_sid.c | 10 | ||||
| -rw-r--r-- | selftest/knownfail.d/sid-strings | 2 |
2 files changed, 11 insertions, 1 deletions
diff --git a/libcli/security/dom_sid.c b/libcli/security/dom_sid.c index 6cf7cc4d6d8..d0f90c29a79 100644 --- a/libcli/security/dom_sid.c +++ b/libcli/security/dom_sid.c @@ -204,7 +204,15 @@ bool dom_sid_parse_endp(const char *sidstr,struct dom_sid *sidout, } conv = smb_strtoull(q, &end, 10, &error, SMB_STR_STANDARD); - if (conv > UINT32_MAX || error != 0) { + if (conv > UINT32_MAX || error != 0 || end - q > 12) { + /* + * This sub-auth is greater than 4294967295, + * and hence invalid. Windows will treat it as + * 4294967295, while we prefer to refuse (old + * versions of Samba will wrap, arriving at + * another number altogether). + */ + DBG_NOTICE("bad sub-auth in %s\n", sidstr); goto format_error; } diff --git a/selftest/knownfail.d/sid-strings b/selftest/knownfail.d/sid-strings index 3859b8a50dd..5392e54deaf 100644 --- a/selftest/knownfail.d/sid-strings +++ b/selftest/knownfail.d/sid-strings @@ -72,6 +72,7 @@ ^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_S-1-22.ad_dc ^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_S-1-281474976710656-579.ad_dc ^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_S-1-5-0x20-579.ad_dc +^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_S-1-5-20-00000000000243.ad_dc ^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_S-1-5-3.2-579.ad_dc ^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_S-1-5-32--579.ad_dc ^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_S-1-5-32-.579.ad_dc @@ -87,5 +88,6 @@ ^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_internal_S-1-0xABcDef123-0xABCDef-579.ad_dc ^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_internal_S-1-22.ad_dc ^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_internal_S-1-5-0x20-579.ad_dc +^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_internal_S-1-5-20-00000000000243.ad_dc ^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_internal_s-1-5-32-579.ad_dc ^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_s-1-5-32-579.ad_dc |