Fix string_to_sid() to allow non '\0' termination of the string
Andrew Bartlett
abartlet at samba.org
Tue Sep 14 16:38:54 MDT 2010
On Tue, 2010-09-14 at 23:51 +0200, Jeremy Allison wrote:
> The branch, v3-6-test has been updated
> via c4a31cf Fix string_to_sid() to allow non '
> via ea8f73f s3-torture Add tests to show that the dom_sid parsing was faulty.
> via b45b538 s3-util_sid Use the NDR parser to parse struct dom_sid
> via dad0b14 libcli/security Use sid_append_rid() in dom_sid_append_rid()
> via 4ac32a5 libcli/security Merge source3/ string_to_sid() to common code
> via 9e31c9a s3-util_sid use ARRAY_SIZE() to ensure we never overflow the dom_sid
> via 1ac4f6a s3-util_sid Accept S-1-5 as a SID (cherry picked from commit 9d44688681bc196baf1bccbdf84092ffc0510bb7)
> via 0dc0a81 s3-dom_sid Use C99 types in dom_sid handling
> from f4c8bda Fix bug 7409 - Thousands of reduce_name: couldn't get realpath.
>
> http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
>
>
> - Log -----------------------------------------------------------------
> commit c4a31cf4d6b1a7c342ed223bdbab3dbd21073f5d
> Author: Jeremy Allison <jra at samba.org>
> Date: Tue Sep 14 14:45:45 2010 -0700
>
> Fix string_to_sid() to allow non '\0' termination of the string - allows
> string_to_sid() to be used in formatted strings like FOO/S-1-5-XXXX-YYYY/BAR.
>
> Jeremy.
> (cherry picked from commit 55b315094ef8a8ed691f9717c28cab301e17ef25)
Firstly, thanks for merging these changes.
However, while I can't argue with 'existing code needs this', I wonder
if this is really desirable behaviour? Shouldn't we have the caller
trim off the string, or call a function with a length specified? It
just seems we may loose an important guard against invalid input this
way.
What do you think?
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20100915/f562aa19/attachment.pgp>
More information about the samba-technical
mailing list