libcli/sec/sddl decode: don't ignore random junk.

previously a string could have anything in it, so long as every second
character was ':'.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

1 files changed, 2 insertions, 0 deletions

diff --git a/libcli/security/sddl.c b/libcli/security/sddl.c
index 508ac3e5666..3b2cdfae17a 100644
--- a/libcli/security/sddl.c
+++ b/libcli/security/sddl.c
@@ -524,6 +524,8 @@ struct security_descriptor *sddl_decode(TALLOC_CTX *mem_ctx, const char *sddl,
 			sd->group_sid = sddl_decode_sid(sd, &sddl, &state);
 			if (sd->group_sid == NULL) goto failed;
 			break;
+		default:
+			goto failed;
 		}
 	}