diff options
author | Volker Lendecke <vl@samba.org> | 2023-01-12 11:55:04 +0100 |
---|---|---|
committer | Ralph Boehme <slow@samba.org> | 2023-01-12 15:38:30 +0000 |
commit | d278fe4a8478c1108b0f95daa99eb0a4e8fa787c (patch) | |
tree | 32997e0c0b6060280296831741d4309115ae6ea3 | |
parent | 3a458a8198eef40e4e58a6dc10525409188d573f (diff) | |
download | samba-d278fe4a8478c1108b0f95daa99eb0a4e8fa787c.tar.gz |
lib: Fix out-of-bounds access in print_ace_flags()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
-rw-r--r-- | source3/lib/util_sd.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/source3/lib/util_sd.c b/source3/lib/util_sd.c index 02e4648e207..23f37b7e734 100644 --- a/source3/lib/util_sd.c +++ b/source3/lib/util_sd.c @@ -240,6 +240,7 @@ bool StringToSid(struct cli_state *cli, struct dom_sid *sid, const char *str) static void print_ace_flags(FILE *f, uint8_t flags) { char *str = talloc_strdup(NULL, ""); + size_t len; if (flags & SEC_ACE_FLAG_OBJECT_INHERIT) { talloc_asprintf_addbuf(&str, "OI|"); @@ -264,9 +265,9 @@ static void print_ace_flags(FILE *f, uint8_t flags) and SEC_ACE_FLAG_FAILED_ACCESS ( 0x80 ) as they're audit ace flags. */ - if (str[strlen(str)-1] == '|') { - str[strlen(str)-1] = '\0'; - fprintf(f, "/%s/", str); + len = strlen(str); + if (len > 0) { + fprintf(f, "/%.*s/", (int)len-1, str); } else { fprintf(f, "/0x%x/", flags); } |