bug in wbcStringToSid
Volker Lendecke
Volker.Lendecke at SerNet.DE
Thu Jul 17 09:52:19 GMT 2008
On Wed, Jul 16, 2008 at 08:12:05PM -0700, Herb Lewis wrote:
> In samba 3.2 the function wbcStringToSid has an error.
> We are calling strtol on the string to get the various
> parts of the sid (rev number, id_auth and sub_auths)
> however we test for the return value to be non-zero to
> indicate success. However this will not allow us to decode
> a SID that has a zero in any field - for example the
> Everyone sid of S-1-1-0 or UID 0 sid of S-1-22-1-0.
>
> I don't know if there are any SIDs with 0 in any position
> but the subauths but we need to at least allow it there.
>
> The code has the following lines
>
> while (sid->num_auths < WBC_MAXSUBAUTHS) {
> if ((x=(uint32_t)strtoul(p, &q, 10)) == 0)
> break;
> sid->sub_auths[sid->num_auths++] = x;
>
> if (q && ((*q!='-') || (*q=='\0')))
> break;
> p = q + 1;
> }
>
>
> I think this needs to be changed to something like the
> following
>
> while (sid->num_auths < WBC_MAXSUBAUTHS) {
> x=(uint32_t)strtoul(p, &q, 10);
> if (p == q)
> break;
> sid->sub_auths[sid->num_auths++] = x;
>
> if (q && ((*q!='-') || (*q=='\0')))
> break;
> p = q + 1;
> }
Looks fully correct.
Volker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20080717/e6de2ae8/attachment.bin
More information about the samba-technical
mailing list