Fix string_to_sid() to allow non '\0' termination of the string

Andrew Bartlett abartlet at samba.org
Tue Sep 14 17:30:03 MDT 2010 

On Tue, 2010-09-14 at 15:43 -0700, Jeremy Allison wrote:
> On Wed, Sep 15, 2010 at 08:38:54AM +1000, Andrew Bartlett wrote:
> > On Tue, 2010-09-14 at 23:51 +0200, Jeremy Allison wrote:
> > > The branch, v3-6-test has been updated
> > >        via  c4a31cf Fix string_to_sid() to allow non '
> > >        via  ea8f73f s3-torture Add tests to show that the dom_sid parsing was faulty.
> > >        via  b45b538 s3-util_sid Use the NDR parser to parse struct dom_sid
> > >        via  dad0b14 libcli/security Use sid_append_rid() in dom_sid_append_rid()
> > >        via  4ac32a5 libcli/security Merge source3/ string_to_sid() to common code
> > >        via  9e31c9a s3-util_sid use ARRAY_SIZE() to ensure we never overflow the dom_sid
> > >        via  1ac4f6a s3-util_sid Accept S-1-5 as a SID (cherry picked from commit 9d44688681bc196baf1bccbdf84092ffc0510bb7)
> > >        via  0dc0a81 s3-dom_sid Use C99 types in dom_sid handling
> > >       from  f4c8bda Fix bug 7409 - Thousands of reduce_name: couldn't get realpath.
> > > 
> > > http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
> > > 
> > > 
> > > - Log -----------------------------------------------------------------
> > > commit c4a31cf4d6b1a7c342ed223bdbab3dbd21073f5d
> > > Author: Jeremy Allison <jra at samba.org>
> > > Date:   Tue Sep 14 14:45:45 2010 -0700
> > > 
> > >     Fix string_to_sid() to allow non '\0' termination of the string - allows
> > >     string_to_sid() to be used in formatted strings like FOO/S-1-5-XXXX-YYYY/BAR.
> > >     
> > >     Jeremy.
> > >     (cherry picked from commit 55b315094ef8a8ed691f9717c28cab301e17ef25)
> > 
> > Firstly, thanks for merging these changes.  
> > 
> > However, while I can't argue with 'existing code needs this', I wonder
> > if this is really desirable behaviour?  Shouldn't we have the caller
> > trim off the string, or call a function with a length specified?  It
> > just seems we may loose an important guard against invalid input this
> > way.
> > 
> > What do you think?
> 
> Personally I think it makes the function easier to use.
> In order to trim the string at the right place you'd have to parse it
> anyway, which pre-supposes knowledge of a SID string in the
> caller.

Good point. 

> IMHO The correct change to this function is to add a
> char **end pointer as a return, so that it works in the
> same way as strtoul(), and callers can know what part of
> the passed in string has been consumed as the SID.
> 
> There's no guard against invalid input by insisiting
> on a '\0' terminator, it's just a burdon on the caller.

Yeah.  I'll see about such a change, and having a length-limited and
asserting caller or variant for some of the uses like ldb where I would
like a tighter control on this. 

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20100915/12c7b7b8/attachment.pgp>

More information about the samba-technical mailing list