From 34d3639305bed5fd202114044fc76e53980dfee4 Mon Sep 17 00:00:00 2001 From: Jeff Layton Date: Wed, 31 Jul 2013 10:38:20 -0400 Subject: libcli: fix conversion logic in dom_sid_parse_endp Signed-off-by: Jeff Layton Reviewed-by: Jeremy Allison --- libcli/security/dom_sid.c | 29 +++++++++++++++-------------- 1 file changed, 15 insertions(+), 14 deletions(-) (limited to 'libcli') diff --git a/libcli/security/dom_sid.c b/libcli/security/dom_sid.c index 16b7af92f4..5905e365bd 100644 --- a/libcli/security/dom_sid.c +++ b/libcli/security/dom_sid.c @@ -120,6 +120,7 @@ int dom_sid_compare_domain(const struct dom_sid *sid1, Convert a string to a SID. Returns True on success, False on fail. Return the first character not parsed in endp. *****************************************************************/ +#define AUTHORITY_MASK (~(0xffffffffffffULL)) bool dom_sid_parse_endp(const char *sidstr,struct dom_sid *sidout, const char **endp) @@ -127,7 +128,7 @@ bool dom_sid_parse_endp(const char *sidstr,struct dom_sid *sidout, const char *p; char *q; /* BIG NOTE: this function only does SIDS where the identauth is not >= 2^32 */ - uint32_t conv; + uint64_t conv; ZERO_STRUCTP(sidout); @@ -142,8 +143,8 @@ bool dom_sid_parse_endp(const char *sidstr,struct dom_sid *sidout, goto format_error; } - conv = (uint32_t) strtoul(p, &q, 10); - if (!q || (*q != '-')) { + conv = strtoul(p, &q, 10); + if (!q || (*q != '-') || conv > UINT8_MAX) { goto format_error; } sidout->sid_rev_num = (uint8_t) conv; @@ -154,19 +155,19 @@ bool dom_sid_parse_endp(const char *sidstr,struct dom_sid *sidout, } /* get identauth */ - conv = (uint32_t) strtoul(q, &q, 10); - if (!q) { + conv = strtoull(q, &q, 0); + if (!q || conv & AUTHORITY_MASK) { goto format_error; } - /* identauth in decimal should be < 2^32 */ + /* When identauth >= UINT32_MAX, it's in hex with a leading 0x */ /* NOTE - the conv value is in big-endian format. */ - sidout->id_auth[0] = 0; - sidout->id_auth[1] = 0; - sidout->id_auth[2] = (conv & 0xff000000) >> 24; - sidout->id_auth[3] = (conv & 0x00ff0000) >> 16; - sidout->id_auth[4] = (conv & 0x0000ff00) >> 8; - sidout->id_auth[5] = (conv & 0x000000ff); + sidout->id_auth[0] = (conv & 0xff0000000000ULL) >> 40; + sidout->id_auth[1] = (conv & 0x00ff00000000ULL) >> 32; + sidout->id_auth[2] = (conv & 0x0000ff000000ULL) >> 24; + sidout->id_auth[3] = (conv & 0x000000ff0000ULL) >> 16; + sidout->id_auth[4] = (conv & 0x00000000ff00ULL) >> 8; + sidout->id_auth[5] = (conv & 0x0000000000ffULL); sidout->num_auths = 0; if (*q != '-') { @@ -183,8 +184,8 @@ bool dom_sid_parse_endp(const char *sidstr,struct dom_sid *sidout, goto format_error; } - conv = strtoul(q, &end, 10); - if (end == q) { + conv = strtoull(q, &end, 10); + if (end == q || conv > UINT32_MAX) { goto format_error; } -- cgit