[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Fri Nov 2 19:12:03 UTC 2018 

The branch, master has been updated
       via  8b9d362 lib: Add dom_sid_str_buf
       via  831ee63 lib: Add error checks in dom_sid_string_buf
      from  537a26d tests/py/rodc_rwdc: Fix py2/py3 .next compat issues

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 8b9d36221930a487ca5c51bf2e38ed04de9d50f7
Author: Volker Lendecke <vl at samba.org>
Date:   Thu Oct 18 05:46:37 2018 +0200

    lib: Add dom_sid_str_buf
    
    This is modeled after server_id_str_buf, which as an API to me is easier to
    use: I can rely on the compiler to get the buffer size right.
    
    It is designed to violate README.Coding's "Make use of helper variables", but
    as this API is simple enough and the output should never be a surprise at all,
    I think that's worth it.
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Fri Nov  2 20:11:11 CET 2018 on sn-devel-144

commit 831ee63f54959168cf34f12d4590102f40448cc5
Author: Volker Lendecke <vl at samba.org>
Date:   Thu Nov 1 11:11:17 2018 +0100

    lib: Add error checks in dom_sid_string_buf
    
    Also, avoid casts by using PRIxxx macros
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 libcli/security/dom_sid.c | 42 +++++++++++++++++++++++++++++++++---------
 libcli/security/dom_sid.h |  2 ++
 source4/auth/sam.c        |  2 +-
 3 files changed, 36 insertions(+), 10 deletions(-)


Changeset truncated at 500 lines:

diff --git a/libcli/security/dom_sid.c b/libcli/security/dom_sid.c
index b876fc8..97f719f 100644
--- a/libcli/security/dom_sid.c
+++ b/libcli/security/dom_sid.c
@@ -431,7 +431,7 @@ bool dom_sid_is_valid_account_domain(const struct dom_sid *sid)
 */
 int dom_sid_string_buf(const struct dom_sid *sid, char *buf, int buflen)
 {
-	int i, ofs;
+	int i, ofs, ret;
 	uint64_t ia;
 
 	if (!sid) {
@@ -445,18 +445,32 @@ int dom_sid_string_buf(const struct dom_sid *sid, char *buf, int buflen)
 		((uint64_t)sid->id_auth[1] << 32) +
 		((uint64_t)sid->id_auth[0] << 40);
 
-	ofs = snprintf(buf, buflen, "S-%hhu-", (unsigned char)sid->sid_rev_num);
+	ret = snprintf(buf, buflen, "S-%"PRIu8"-", sid->sid_rev_num);
+	if (ret < 0) {
+		return ret;
+	}
+	ofs = ret;
+
 	if (ia >= UINT32_MAX) {
-		ofs += snprintf(buf + ofs, MAX(buflen - ofs, 0), "0x%llx",
-				(unsigned long long)ia);
+		ret = snprintf(buf+ofs, MAX(buflen-ofs, 0), "0x%"PRIx64, ia);
 	} else {
-		ofs += snprintf(buf + ofs, MAX(buflen - ofs, 0), "%llu",
-				(unsigned long long)ia);
+		ret = snprintf(buf+ofs, MAX(buflen-ofs, 0), "%"PRIu64, ia);
 	}
+	if (ret < 0) {
+		return ret;
+	}
+	ofs += ret;
 
 	for (i = 0; i < sid->num_auths; i++) {
-		ofs += snprintf(buf + ofs, MAX(buflen - ofs, 0), "-%u",
-				(unsigned int)sid->sub_auths[i]);
+		ret = snprintf(
+			buf+ofs,
+			MAX(buflen-ofs, 0),
+			"-%"PRIu32,
+			sid->sub_auths[i]);
+		if (ret < 0) {
+			return ret;
+		}
+		ofs += ret;
 	}
 	return ofs;
 }
@@ -472,7 +486,7 @@ char *dom_sid_string(TALLOC_CTX *mem_ctx, const struct dom_sid *sid)
 
 	len = dom_sid_string_buf(sid, buf, sizeof(buf));
 
-	if (len+1 > sizeof(buf)) {
+	if ((len < 0) || (len+1 > sizeof(buf))) {
 		return talloc_strdup(mem_ctx, "(SID ERR)");
 	}
 
@@ -491,3 +505,13 @@ char *dom_sid_string(TALLOC_CTX *mem_ctx, const struct dom_sid *sid)
 	talloc_set_name_const(result, result);
 	return result;
 }
+
+char *dom_sid_str_buf(const struct dom_sid *sid, struct dom_sid_buf *dst)
+{
+	int ret;
+	ret = dom_sid_string_buf(sid, dst->buf, sizeof(dst->buf));
+	if ((ret < 0) || (ret >= sizeof(dst->buf))) {
+		strlcpy(dst->buf, "(INVALID SID)", sizeof(dst->buf));
+	}
+	return dst->buf;
+}
diff --git a/libcli/security/dom_sid.h b/libcli/security/dom_sid.h
index d9f4b3f..d132628 100644
--- a/libcli/security/dom_sid.h
+++ b/libcli/security/dom_sid.h
@@ -102,6 +102,8 @@ bool dom_sid_is_valid_account_domain(const struct dom_sid *sid);
 int dom_sid_string_buf(const struct dom_sid *sid, char *buf, int buflen);
 char *dom_sid_string(TALLOC_CTX *mem_ctx, const struct dom_sid *sid);
 
+struct dom_sid_buf { char buf[DOM_SID_STR_BUFLEN]; };
+char *dom_sid_str_buf(const struct dom_sid *sid, struct dom_sid_buf *dst);
 
 const char *sid_type_lookup(uint32_t sid_type);
 const struct security_token *get_system_token(void);
diff --git a/source4/auth/sam.c b/source4/auth/sam.c
index 07cfbd0..bc95de2 100644
--- a/source4/auth/sam.c
+++ b/source4/auth/sam.c
@@ -638,7 +638,7 @@ _PUBLIC_ NTSTATUS authsam_update_user_info_dc(TALLOC_CTX *mem_ctx,
 		int len;
 
 		len = dom_sid_string_buf(sid, sid_buf, sizeof(sid_buf));
-		if (len+1 > sizeof(sid_buf)) {
+		if ((len < 0) || (len+1 > sizeof(sid_buf))) {
 			return NT_STATUS_INVALID_SID;
 		}
 		snprintf(dn_str, sizeof(dn_str), "<SID=%s>", sid_buf);


-- 
Samba Shared Repository

More information about the samba-cvs mailing list