libcli/security: avoid overflow in subauths

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
author: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> 2023-04-12 11:39:25 +1200
committer: Andrew Bartlett <abartlet@samba.org> 2023-04-28 02:15:36 +0000
commit: 67ff4ca200e69a112afa3a25362da707e00732e6 (patch)
tree: 42d50a104292575a9d353463c04e58920d927a8b /libcli
parent: b3cff5636bcf9fee23207dce5a34569912f4b1cb (diff)
download: samba-67ff4ca200e69a112afa3a25362da707e00732e6.tar.gz
1 files changed, 9 insertions, 1 deletions
diff --git a/libcli/security/dom_sid.c b/libcli/security/dom_sid.c
index 6cf7cc4d6d8..d0f90c29a79 100644
--- a/libcli/security/dom_sid.c
+++ b/libcli/security/dom_sid.c
@@ -204,7 +204,15 @@ bool dom_sid_parse_endp(const char *sidstr,struct dom_sid *sidout,
 		}
 
 		conv = smb_strtoull(q, &end, 10, &error, SMB_STR_STANDARD);
-		if (conv > UINT32_MAX || error != 0) {
+		if (conv > UINT32_MAX || error != 0 || end - q > 12) {
+			/*
+			 * This sub-auth is greater than 4294967295,
+			 * and hence invalid. Windows will treat it as
+			 * 4294967295, while we prefer to refuse (old
+			 * versions of Samba will wrap, arriving at
+			 * another number altogether).
+                         */
+			DBG_NOTICE("bad sub-auth in %s\n", sidstr);
 			goto format_error;
 		}
author	Douglas Bagnall <douglas.bagnall@catalyst.net.nz>	2023-04-12 11:39:25 +1200
committer	Andrew Bartlett <abartlet@samba.org>	2023-04-28 02:15:36 +0000
commit	67ff4ca200e69a112afa3a25362da707e00732e6 (patch)
tree	42d50a104292575a9d353463c04e58920d927a8b /libcli
parent	b3cff5636bcf9fee23207dce5a34569912f4b1cb (diff)
download	samba-67ff4ca200e69a112afa3a25362da707e00732e6.tar.gz