Fix string_to_sid() to allow non '\0' termination of the string

Andrew Bartlett abartlet at samba.org
Tue Sep 14 16:38:54 MDT 2010 

On Tue, 2010-09-14 at 23:51 +0200, Jeremy Allison wrote:
> The branch, v3-6-test has been updated
>        via  c4a31cf Fix string_to_sid() to allow non '
>        via  ea8f73f s3-torture Add tests to show that the dom_sid parsing was faulty.
>        via  b45b538 s3-util_sid Use the NDR parser to parse struct dom_sid
>        via  dad0b14 libcli/security Use sid_append_rid() in dom_sid_append_rid()
>        via  4ac32a5 libcli/security Merge source3/ string_to_sid() to common code
>        via  9e31c9a s3-util_sid use ARRAY_SIZE() to ensure we never overflow the dom_sid
>        via  1ac4f6a s3-util_sid Accept S-1-5 as a SID (cherry picked from commit 9d44688681bc196baf1bccbdf84092ffc0510bb7)
>        via  0dc0a81 s3-dom_sid Use C99 types in dom_sid handling
>       from  f4c8bda Fix bug 7409 - Thousands of reduce_name: couldn't get realpath.
> 
> http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
> 
> 
> - Log -----------------------------------------------------------------
> commit c4a31cf4d6b1a7c342ed223bdbab3dbd21073f5d
> Author: Jeremy Allison <jra at samba.org>
> Date:   Tue Sep 14 14:45:45 2010 -0700
> 
>     Fix string_to_sid() to allow non '\0' termination of the string - allows
>     string_to_sid() to be used in formatted strings like FOO/S-1-5-XXXX-YYYY/BAR.
>     
>     Jeremy.
>     (cherry picked from commit 55b315094ef8a8ed691f9717c28cab301e17ef25)

Firstly, thanks for merging these changes.  

However, while I can't argue with 'existing code needs this', I wonder
if this is really desirable behaviour?  Shouldn't we have the caller
trim off the string, or call a function with a length specified?  It
just seems we may loose an important guard against invalid input this
way.

What do you think?

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20100915/f562aa19/attachment.pgp>

More information about the samba-technical mailing list