diff options
author | Douglas Bagnall <douglas.bagnall@catalyst.net.nz> | 2023-04-12 11:39:25 +1200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2023-04-28 02:15:36 +0000 |
commit | 67ff4ca200e69a112afa3a25362da707e00732e6 (patch) | |
tree | 42d50a104292575a9d353463c04e58920d927a8b /libcli | |
parent | b3cff5636bcf9fee23207dce5a34569912f4b1cb (diff) | |
download | samba-67ff4ca200e69a112afa3a25362da707e00732e6.tar.gz |
libcli/security: avoid overflow in subauths
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'libcli')
-rw-r--r-- | libcli/security/dom_sid.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/libcli/security/dom_sid.c b/libcli/security/dom_sid.c index 6cf7cc4d6d8..d0f90c29a79 100644 --- a/libcli/security/dom_sid.c +++ b/libcli/security/dom_sid.c @@ -204,7 +204,15 @@ bool dom_sid_parse_endp(const char *sidstr,struct dom_sid *sidout, } conv = smb_strtoull(q, &end, 10, &error, SMB_STR_STANDARD); - if (conv > UINT32_MAX || error != 0) { + if (conv > UINT32_MAX || error != 0 || end - q > 12) { + /* + * This sub-auth is greater than 4294967295, + * and hence invalid. Windows will treat it as + * 4294967295, while we prefer to refuse (old + * versions of Samba will wrap, arriving at + * another number altogether). + */ + DBG_NOTICE("bad sub-auth in %s\n", sidstr); goto format_error; } |