bug in wbcStringToSid
Herb Lewis
hlewis at panasas.com
Thu Jul 17 03:12:05 GMT 2008
In samba 3.2 the function wbcStringToSid has an error.
We are calling strtol on the string to get the various
parts of the sid (rev number, id_auth and sub_auths)
however we test for the return value to be non-zero to
indicate success. However this will not allow us to decode
a SID that has a zero in any field - for example the
Everyone sid of S-1-1-0 or UID 0 sid of S-1-22-1-0.
I don't know if there are any SIDs with 0 in any position
but the subauths but we need to at least allow it there.
The code has the following lines
while (sid->num_auths < WBC_MAXSUBAUTHS) {
if ((x=(uint32_t)strtoul(p, &q, 10)) == 0)
break;
sid->sub_auths[sid->num_auths++] = x;
if (q && ((*q!='-') || (*q=='\0')))
break;
p = q + 1;
}
I think this needs to be changed to something like the
following
while (sid->num_auths < WBC_MAXSUBAUTHS) {
x=(uint32_t)strtoul(p, &q, 10);
if (p == q)
break;
sid->sub_auths[sid->num_auths++] = x;
if (q && ((*q!='-') || (*q=='\0')))
break;
p = q + 1;
}
More information about the samba-technical
mailing list