From d278fe4a8478c1108b0f95daa99eb0a4e8fa787c Mon Sep 17 00:00:00 2001
From: Volker Lendecke
Date: Thu, 12 Jan 2023 11:55:04 +0100
Subject: [PATCH] lib: Fix out-of-bounds access in print_ace_flags()

Signed-off-by: Volker Lendecke
Reviewed-by: Ralph Boehme
---
 source3/lib/util_sd.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/source3/lib/util_sd.c b/source3/lib/util_sd.c
index 02e4648e207..23f37b7e734 100644
--- a/source3/lib/util_sd.c
+++ b/source3/lib/util_sd.c
@@ -240,6 +240,7 @@ bool StringToSid(struct cli_state *cli, struct dom_sid *sid, const char *str)
 static void print_ace_flags(FILE *f, uint8_t flags)
 {
 char *str = talloc_strdup(NULL, "");
+ size_t len;
 if (flags & SEC_ACE_FLAG_OBJECT_INHERIT) {
 talloc_asprintf_addbuf(&str, "OI|");
@@ -264,9 +265,9 @@ static void print_ace_flags(FILE *f, uint8_t flags)
 and SEC_ACE_FLAG_FAILED_ACCESS ( 0x80 ) as they're audit ace flags. */
- if (str[strlen(str)-1] == '|') {
- str[strlen(str)-1] = '\0';
- fprintf(f, "/%s/", str);
+ len = strlen(str);
+ if (len > 0) {
+ fprintf(f, "/%.*s/", (int)len-1, str);
 } else {
 fprintf(f, "/0x%x/", flags);
 }
-- 
2.11.4.GIT
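Review bot: In the second hunk the new `len > 0` branch of print_ace_flags() drops the last byte of `str` unconditionally through the `"%.*s"` precision `(int)len-1`, whereas the old code first checked that this byte was '|'. That is correct only while every fragment appended to `str` ends in '|'; the one append visible here ("OI|") does, but the appends between the two hunks are not shown. I would state that invariant next to its use, e.g. `/* every fragment appended above ends in '|'; print all but that last byte */`, and write the precision as `(int)(len - 1)` so the subtraction is visibly done on the length already checked to be non-zero. As shown, the patch touches only util_sd.c, so nothing pins the case behind the out-of-bounds access (flags that leave `str` empty, so `strlen(str)-1` wrapped around); a small test that prints an ACE with such flags and expects the `/0x%x/` form would keep the fix from regressing. The function's body starts in the first hunk and continues past the end of the second.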