lib: Fix out-of-bounds access in print_ace_flags()

Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
author: Volker Lendecke <vl@samba.org> 2023-01-12 11:55:04 +0100
committer: Ralph Boehme <slow@samba.org> 2023-01-12 15:38:30 +0000
commit: d278fe4a8478c1108b0f95daa99eb0a4e8fa787c (patch)
tree: 32997e0c0b6060280296831741d4309115ae6ea3
parent: 3a458a8198eef40e4e58a6dc10525409188d573f (diff)
download: samba-d278fe4a8478c1108b0f95daa99eb0a4e8fa787c.tar.gz
1 files changed, 4 insertions, 3 deletions
diff --git a/source3/lib/util_sd.c b/source3/lib/util_sd.c
index 02e4648e207..23f37b7e734 100644
--- a/source3/lib/util_sd.c
+++ b/source3/lib/util_sd.c
@@ -240,6 +240,7 @@ bool StringToSid(struct cli_state *cli, struct dom_sid *sid, const char *str)
 static void print_ace_flags(FILE *f, uint8_t flags)
 {
 	char *str = talloc_strdup(NULL, "");
+	size_t len;
 
 	if (flags & SEC_ACE_FLAG_OBJECT_INHERIT) {
 		talloc_asprintf_addbuf(&str, "OI|");
@@ -264,9 +265,9 @@ static void print_ace_flags(FILE *f, uint8_t flags)
 	   and SEC_ACE_FLAG_FAILED_ACCESS ( 0x80 ) as they're
 	   audit ace flags. */
 
-	if (str[strlen(str)-1] == '|') {
-		str[strlen(str)-1] = '\0';
-		fprintf(f, "/%s/", str);
+	len = strlen(str);
+	if (len > 0) {
+		fprintf(f, "/%.*s/", (int)len-1, str);
 	} else {
 		fprintf(f, "/0x%x/", flags);
 	}
author	Volker Lendecke <vl@samba.org>	2023-01-12 11:55:04 +0100
committer	Ralph Boehme <slow@samba.org>	2023-01-12 15:38:30 +0000
commit	d278fe4a8478c1108b0f95daa99eb0a4e8fa787c (patch)
tree	32997e0c0b6060280296831741d4309115ae6ea3
parent	3a458a8198eef40e4e58a6dc10525409188d573f (diff)
download	samba-d278fe4a8478c1108b0f95daa99eb0a4e8fa787c.tar.gz