summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2010-09-04 14:11:46 +1000
committerJeremy Allison <jra@samba.org>2010-09-14 14:48:49 -0700
commit1892df6ca803aed94e91cbd7a12ca1b8470dfc89 (patch)
tree1f7ece02903fe02ca587ff9b301ece110972c33c
parent46f585e364fc1640cf01ba0c738c6c5559f0b4fd (diff)
downloadsamba-1892df6ca803aed94e91cbd7a12ca1b8470dfc89.tar.gz
samba-1892df6ca803aed94e91cbd7a12ca1b8470dfc89.tar.bz2
samba-1892df6ca803aed94e91cbd7a12ca1b8470dfc89.zip
s3-util_sid Use the NDR parser to parse struct dom_sid
The manual parser failed to constrain the maximum number of sub-authorities to 15, allowing an overflow of the array. Andrew Bartlett
-rw-r--r--source3/lib/util_sid.c22
1 files changed, 8 insertions, 14 deletions
diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c
index b0b8d0ef72..92218ff2b2 100644
--- a/source3/lib/util_sid.c
+++ b/source3/lib/util_sid.c
@@ -297,20 +297,14 @@ bool sid_linearize(char *outbuf, size_t len, const struct dom_sid *sid)
bool sid_parse(const char *inbuf, size_t len, struct dom_sid *sid)
{
- int i;
- if (len < 8)
- return False;
-
- ZERO_STRUCTP(sid);
-
- sid->sid_rev_num = CVAL(inbuf, 0);
- sid->num_auths = CVAL(inbuf, 1);
- memcpy(sid->id_auth, inbuf+2, 6);
- if (len < 8 + sid->num_auths*4)
- return False;
- for (i=0;i<sid->num_auths;i++)
- sid->sub_auths[i] = IVAL(inbuf, 8+i*4);
- return True;
+ enum ndr_err_code ndr_err;
+ DATA_BLOB in = data_blob_const(inbuf, len);
+ ndr_err = ndr_pull_struct_blob_all(&in, NULL, sid,
+ (ndr_pull_flags_fn_t)ndr_pull_dom_sid);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ return false;
+ }
+ return true;
}
/*****************************************************************