From bf4af1a28a3580223fcc3a861c7fdd1b43f234d1 Mon Sep 17 00:00:00 2001
From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Sat, 4 May 2024 13:32:39 +1200
Subject: [PATCH] ldb-samba: ldif_read_objectSid() short-circuits without 'S'

This avoids a memcpy, and level 3 debug verbosity from
dom_sid_parse_endp().

In other places we have something like `|| in->data[1] != '-'`, but
that is not useful here -- the value is either a string SID, or a
binary SID that starts with '\1', or some awful value that we *do*
want to get messages about.

This replaces the work of ldif_comparision_objectSid_isString().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10763

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
 lib/ldb-samba/ldif_handlers.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/ldb-samba/ldif_handlers.c b/lib/ldb-samba/ldif_handlers.c
index b803c4486d3..458811f2207 100644
--- a/lib/ldb-samba/ldif_handlers.c
+++ b/lib/ldb-samba/ldif_handlers.c
@@ -91,6 +91,12 @@ static int ldif_read_objectSid(struct ldb_context *ldb, void *mem_ctx,
 	struct dom_sid sid;
 	if (in->length > DOM_SID_STR_BUFLEN) {
 		return -1;
+	}
+	if (in->length < 5) { /* "S-1-x" */
+		return -1;
+	}
+	if (in->data[0] != 'S' && in->data[0] != 's') {
+		return -1;
 	} else {
 		char p[in->length+1];
 		memcpy(p, in->data, in->length);
-- 
2.11.4.GIT