Fix string_to_sid() to allow non '\0' termination of the string

Andrew Bartlett abartlet at
Tue Sep 14 16:38:54 MDT 2010

On Tue, 2010-09-14 at 23:51 +0200, Jeremy Allison wrote:
> The branch, v3-6-test has been updated
>        via  c4a31cf Fix string_to_sid() to allow non '
>        via  ea8f73f s3-torture Add tests to show that the dom_sid parsing was faulty.
>        via  b45b538 s3-util_sid Use the NDR parser to parse struct dom_sid
>        via  dad0b14 libcli/security Use sid_append_rid() in dom_sid_append_rid()
>        via  4ac32a5 libcli/security Merge source3/ string_to_sid() to common code
>        via  9e31c9a s3-util_sid use ARRAY_SIZE() to ensure we never overflow the dom_sid
>        via  1ac4f6a s3-util_sid Accept S-1-5 as a SID (cherry picked from commit 9d44688681bc196baf1bccbdf84092ffc0510bb7)
>        via  0dc0a81 s3-dom_sid Use C99 types in dom_sid handling
>       from  f4c8bda Fix bug 7409 - Thousands of reduce_name: couldn't get realpath.
> - Log -----------------------------------------------------------------
> commit c4a31cf4d6b1a7c342ed223bdbab3dbd21073f5d
> Author: Jeremy Allison <jra at>
> Date:   Tue Sep 14 14:45:45 2010 -0700
>     Fix string_to_sid() to allow non '\0' termination of the string - allows
>     string_to_sid() to be used in formatted strings like FOO/S-1-5-XXXX-YYYY/BAR.
>     Jeremy.
>     (cherry picked from commit 55b315094ef8a8ed691f9717c28cab301e17ef25)

Firstly, thanks for merging these changes.  

However, while I can't argue with 'existing code needs this', I wonder
if this is really desirable behaviour?  Shouldn't we have the caller
trim off the string, or call a function with a length specified?  It
just seems we may loose an important guard against invalid input this

What do you think?

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
URL: <>

More information about the samba-technical mailing list