libcli/security: ace type is not enum not flags

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
author: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> 2023-03-24 16:18:44 +1300
committer: Andrew Bartlett <abartlet@samba.org> 2023-04-28 02:15:36 +0000
commit: 251da186bf4cf184ec0561ae404cfd5f08b0ae65 (patch)
tree: bbe1e3ce41355a66a30abb423edd5e00e4d2f2cc /libcli
parent: 56da318ceea55763134587ab615cbfbbf955df11 (diff)
download: samba-251da186bf4cf184ec0561ae404cfd5f08b0ae65.tar.gz
1 files changed, 9 insertions, 1 deletions
diff --git a/libcli/security/sddl.c b/libcli/security/sddl.c
index 6e4cb1085e8..93ff97abe21 100644
--- a/libcli/security/sddl.c
+++ b/libcli/security/sddl.c
@@ -404,6 +404,7 @@ static bool sddl_decode_ace(TALLOC_CTX *mem_ctx, struct security_ace *ace, char
 	uint32_t v;
 	struct dom_sid *sid;
 	bool ok;
+	size_t len;
 
 	ZERO_STRUCTP(ace);
 
@@ -418,9 +419,16 @@ static bool sddl_decode_ace(TALLOC_CTX *mem_ctx, struct security_ace *ace, char
 	}
 
 	/* parse ace type */
-	if (!sddl_map_flags(ace_types, tok[0], &v, NULL, false)) {
+	ok = sddl_map_flag(ace_types, tok[0], &len, &v);
+	if (!ok) {
+		DBG_WARNING("Unknown ACE type - %s\n", tok[0]);
 		return false;
 	}
+	if (tok[0][len] != '\0') {
+		DBG_WARNING("Garbage after ACE type - %s\n", tok[0]);
+		return false;
+	}
+
 	ace->type = v;
 
 	/* ace flags */
author	Douglas Bagnall <douglas.bagnall@catalyst.net.nz>	2023-03-24 16:18:44 +1300
committer	Andrew Bartlett <abartlet@samba.org>	2023-04-28 02:15:36 +0000
commit	251da186bf4cf184ec0561ae404cfd5f08b0ae65 (patch)
tree	bbe1e3ce41355a66a30abb423edd5e00e4d2f2cc /libcli
parent	56da318ceea55763134587ab615cbfbbf955df11 (diff)
download	samba-251da186bf4cf184ec0561ae404cfd5f08b0ae65.tar.gz