From 1fbeae41655b8305834f2149b1268077eba8633d Mon Sep 17 00:00:00 2001
From: Volker Lendecke
Date: Sat, 23 Jan 2010 14:53:54 +0100
Subject: libcli/security: Prohibit SID formats like S-1-5-32-+545

---
 libcli/security/dom_sid.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/libcli/security/dom_sid.c b/libcli/security/dom_sid.c
index 6a046cd806..8a2ed1fccc 100644
--- a/libcli/security/dom_sid.c
+++ b/libcli/security/dom_sid.c
@@ -96,12 +96,20 @@ bool dom_sid_parse(const char *sidstr, struct dom_sid *ret)
 sidstr += 2;
+ if (!isdigit(sidstr[0])) {
+ return false;
+ }
+
 rev = strtoul(sidstr, &p, 10);
 if (*p != '-') {
 return false;
 }
 sidstr = p+1;
+ if (!isdigit(sidstr[0])) {
+ return false;
+ }
+
 ia = strtoul(sidstr, &p, 10);
 if (p == sidstr) {
 return false;
@@ -131,6 +139,11 @@ bool dom_sid_parse(const char *sidstr, struct dom_sid *ret)
 return false;
 }
 sidstr++;
+
+ if (!isdigit(sidstr[0])) {
+ return false;
+ }
+
 ret->sub_auths[i] = strtoul(sidstr, &p, 10);
 if (p == sidstr) {
 return false;
-- 
cgit
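Review bot: The added `isdigit(sidstr[0])` guards in the first hunk (-96,12) pass a plain `char` to a `<ctype.h>` function, which is undefined behaviour when the byte is negative on platforms where `char` is signed; `sidstr` is caller-supplied text, so a byte above 0x7f can reach these calls. Cast at each of the three sites, both checks in this hunk and the one in the sub-authority hunk at -131: `if (!isdigit((unsigned char)sidstr[0])) {`. A one-line comment above the first check would also tell maintainers why it exists, for example `/* strtoul() skips leading whitespace and accepts a sign, so require a digit first */`. The body of dom_sid_parse starts and ends outside this hunk, and the diff does not show whether `<ctype.h>` is already pulled in for this file.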
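Review bot: In the second hunk (-131,6), the digit check added before `ret->sub_auths[i] = strtoul(sidstr, &p, 10);` rejects a sign but not an out-of-range number. strtoul returns `unsigned long`, and the assignment presumably narrows it to a 32-bit sub-authority (the struct definition is not in the hunk), so an oversized value would be truncated or clamped rather than rejected. That leaves more than one textual spelling for the same SID, which is the kind of ambiguity this commit sets out to close. Parsing into a temporary and checking it before storing would cover it, e.g. `errno = 0; v = strtoul(sidstr, &p, 10);` followed by `if (p == sidstr || errno == ERANGE || v > UINT32_MAX) return false;`. The `rev` and `ia` conversions in the first hunk would need the same check against their own field widths, and the loop around these lines is outside the hunk.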