
libcli/security: avoid overflow in subauths

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall 2023-04-12 11:39:25 +12:00 committed by Andrew Bartlett
parent b3cff5636b
commit 67ff4ca200
2 changed files with 11 additions and 1 deletions
libcli/security
selftest/knownfail.d


@ -204,7 +204,15 @@ bool dom_sid_parse_endp(const char *sidstr,struct dom_sid *sidout,
}
conv = smb_strtoull(q, &end, 10, &error, SMB_STR_STANDARD);
if (conv > UINT32_MAX || error != 0) {
if (conv > UINT32_MAX || error != 0 || end - q > 12) {
/*
* This sub-auth is greater than 4294967295,
* and hence invalid. Windows will treat it as
* 4294967295, while we prefer to refuse (old
* versions of Samba will wrap, arriving at
* another number altogether).
*/
DBG_NOTICE("bad sub-auth in %s\n", sidstr);
goto format_error;
}
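Review bot: The comment under the widened `if` explains only the greater-than-4294967295 case, so the new `end - q > 12` clause is undocumented and the bare `12` has no stated reason. A sub-auth longer than 12 characters is now refused even when its value fits in 32 bits; the knownfail entry for `S-1-5-20-00000000000243` looks like exactly that case, though why the limit is 12 rather than the 10 digits of UINT32_MAX is not visible here. Because SID strings end up in access-control decisions and the comment already notes that Windows and older Samba read such strings differently, I would add a line such as `* Sub-auths longer than 12 characters are refused as well, even if the value fits (e.g. leading zeros).` and give the limit a named constant. dom_sid_parse_endp starts and ends outside this hunk.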


@ -72,6 +72,7 @@
^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_S-1-22.ad_dc
^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_S-1-281474976710656-579.ad_dc
^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_S-1-5-0x20-579.ad_dc
^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_S-1-5-20-00000000000243.ad_dc
^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_S-1-5-3.2-579.ad_dc
^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_S-1-5-32--579.ad_dc
^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_S-1-5-32-.579.ad_dc
@ -87,5 +88,6 @@
^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_internal_S-1-0xABcDef123-0xABCDef-579.ad_dc
^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_internal_S-1-22.ad_dc
^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_internal_S-1-5-0x20-579.ad_dc
^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_internal_S-1-5-20-00000000000243.ad_dc
^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_internal_s-1-5-32-579.ad_dc
^samba.tests.sid_strings.+.SidStringsThatStartWithS.test_sid_string_s-1-5-32-579.ad_dc