Fix bug #7669.

[metze/samba/wip.git] / libcli / security / dom_sid.c

diff --git a/libcli/security/dom_sid.c b/libcli/security/dom_sid.c
index f41ea677fca8627b7d036d90d14626f2ce96ff6b..350a14f311b063c5e1cc057a5159eae5e6a8b2a1 100644 (file)
--- a/libcli/security/dom_sid.c
+++ b/libcli/security/dom_sid.c
@@ -22,7 +22,7 @@
 
 #include "includes.h"
 #include "librpc/gen_ndr/security.h"
-#include "libcli/security/security.h"
+#include "dom_sid.h"
 
 /*****************************************************************
  Compare the auth portion of two sids.
@@ -117,6 +117,10 @@ bool dom_sid_parse(const char *sidstr, struct dom_sid *ret)
                if (sidstr[i] == '-') num_sub_auths++;
        }
 
+       if (num_sub_auths > MAXSUBAUTHS) {
+               return false;
+       }
+
        ret->sid_rev_num = rev;
        ret->id_auth[0] = 0;
        ret->id_auth[1] = 0;