diff options
author | Andrew Bartlett <abartlet@samba.org> | 2010-09-04 14:11:46 +1000 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2010-09-14 14:48:49 -0700 |
commit | 1892df6ca803aed94e91cbd7a12ca1b8470dfc89 (patch) | |
tree | 1f7ece02903fe02ca587ff9b301ece110972c33c /source3/lib | |
parent | 46f585e364fc1640cf01ba0c738c6c5559f0b4fd (diff) | |
download | samba-1892df6ca803aed94e91cbd7a12ca1b8470dfc89.tar.gz samba-1892df6ca803aed94e91cbd7a12ca1b8470dfc89.tar.bz2 samba-1892df6ca803aed94e91cbd7a12ca1b8470dfc89.zip |
s3-util_sid Use the NDR parser to parse struct dom_sid
The manual parser failed to constrain the maximum number of
sub-authorities to 15, allowing an overflow of the array.
Andrew Bartlett
Diffstat (limited to 'source3/lib')
-rw-r--r-- | source3/lib/util_sid.c | 22 |
1 files changed, 8 insertions, 14 deletions
diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c index b0b8d0ef72..92218ff2b2 100644 --- a/source3/lib/util_sid.c +++ b/source3/lib/util_sid.c @@ -297,20 +297,14 @@ bool sid_linearize(char *outbuf, size_t len, const struct dom_sid *sid) bool sid_parse(const char *inbuf, size_t len, struct dom_sid *sid) { - int i; - if (len < 8) - return False; - - ZERO_STRUCTP(sid); - - sid->sid_rev_num = CVAL(inbuf, 0); - sid->num_auths = CVAL(inbuf, 1); - memcpy(sid->id_auth, inbuf+2, 6); - if (len < 8 + sid->num_auths*4) - return False; - for (i=0;i<sid->num_auths;i++) - sid->sub_auths[i] = IVAL(inbuf, 8+i*4); - return True; + enum ndr_err_code ndr_err; + DATA_BLOB in = data_blob_const(inbuf, len); + ndr_err = ndr_pull_struct_blob_all(&in, NULL, sid, + (ndr_pull_flags_fn_t)ndr_pull_dom_sid); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + return false; + } + return true; } /***************************************************************** |