From 574a0e733fb50867867ffe11335ea1f0055cdcd5 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Thu, 1 Nov 2018 10:20:40 -0700
Subject: [PATCH] SQUASH: Fixup existing error checks for dom_sid_string_buf()
 now it can return -1 on error.

Signed-off-by: Jeremy Allison <jra@samba.org>
---
 libcli/security/dom_sid.c | 2 +-
 source4/auth/sam.c        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/libcli/security/dom_sid.c b/libcli/security/dom_sid.c
index 6583652fd21..d27c7656057 100644
--- a/libcli/security/dom_sid.c
+++ b/libcli/security/dom_sid.c
@@ -486,7 +486,7 @@ char *dom_sid_string(TALLOC_CTX *mem_ctx, const struct dom_sid *sid)
 
 	len = dom_sid_string_buf(sid, buf, sizeof(buf));
 
-	if (len+1 > sizeof(buf)) {
+	if ((len < 0) || (len+1 > sizeof(buf))) {
 		return talloc_strdup(mem_ctx, "(SID ERR)");
 	}
 
diff --git a/source4/auth/sam.c b/source4/auth/sam.c
index 07cfbd06b33..bc95de223f4 100644
--- a/source4/auth/sam.c
+++ b/source4/auth/sam.c
@@ -638,7 +638,7 @@ _PUBLIC_ NTSTATUS authsam_update_user_info_dc(TALLOC_CTX *mem_ctx,
 		int len;
 
 		len = dom_sid_string_buf(sid, sid_buf, sizeof(sid_buf));
-		if (len+1 > sizeof(sid_buf)) {
+		if ((len < 0) || (len+1 > sizeof(sid_buf))) {
 			return NT_STATUS_INVALID_SID;
 		}
 		snprintf(dn_str, sizeof(dn_str), "<SID=%s>", sid_buf);
-- 
2.19.1.568.g152ad8e336-goog