libcli:security: sddl_decode_ace: don't allow junk after SID

sddl_decode_sid() will stop at the first non-SID character. Windows doesn't allow white space here, and nor do we. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
author: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> 2023-04-22 00:47:16 +1200
committer: Andrew Bartlett <abartlet@samba.org> 2023-04-28 02:15:36 +0000
commit: e7445aa677fb56540781ba144fda967d9af95552 (patch)
tree: 0706120173eb4f678c28fe9882cdf18443f9d883 /libcli/security
parent: c67f2292cba7a2ee047b196e565cf97cd6900973 (diff)
download: samba-e7445aa677fb56540781ba144fda967d9af95552.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/libcli/security/sddl.c b/libcli/security/sddl.c
index a726c06ddaf..7692be8a0e1 100644
--- a/libcli/security/sddl.c
+++ b/libcli/security/sddl.c
@@ -486,7 +486,9 @@ static bool sddl_decode_ace(TALLOC_CTX *mem_ctx, struct security_ace *ace, char
 	}
 	ace->trustee = *sid;
 	talloc_free(sid);
-
+	if (*s != '\0') {
+		return false;
+	}
 	return true;
 }
author	Douglas Bagnall <douglas.bagnall@catalyst.net.nz>	2023-04-22 00:47:16 +1200
committer	Andrew Bartlett <abartlet@samba.org>	2023-04-28 02:15:36 +0000
commit	e7445aa677fb56540781ba144fda967d9af95552 (patch)
tree	0706120173eb4f678c28fe9882cdf18443f9d883 /libcli/security
parent	c67f2292cba7a2ee047b196e565cf97cd6900973 (diff)
download	samba-e7445aa677fb56540781ba144fda967d9af95552.tar.gz