1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

libcli/security: don't allow conditional ACE SIDs to have trailing bytes

They should be tightly packed, allowing conditional ACEs to
round-trip.

Credit to OSS-Fuzz.

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64197

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Douglas Bagnall 2023-12-13 15:39:33 +13:00 committed by Andrew Bartlett
parent e004a5a444
commit a016ce7068

View File

@ -254,6 +254,8 @@ static ssize_t pull_sid(TALLOC_CTX *mem_ctx,
if (ndr == NULL) {
return -1;
}
ndr->flags |= LIBNDR_FLAG_SUBCONTEXT_NO_UNREAD_BYTES;
ndr_err = ndr_pull_ace_condition_sid(ndr, NDR_SCALARS|NDR_BUFFERS, tok);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
TALLOC_FREE(ndr);