This avoids a memcpy, and level 3 debug verbosity from
dom_sid_parse_endp().
In other places we have something like `|| in->data[1] != '-'`, but
that is not useful here -- the value is either a string SID, or a
binary SID that starts with '\1', or some awful value that we *do*
want to get messages about.
This replaces the work of ldif_comparision_objectSid_isString().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10763
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
struct dom_sid sid;
if (in->length > DOM_SID_STR_BUFLEN) {
return -1;
+ }
+ if (in->length < 5) { /* "S-1-x" */
+ return -1;
+ }
+ if (in->data[0] != 'S' && in->data[0] != 's') {
+ return -1;
} else {
char p[in->length+1];
memcpy(p, in->data, in->length);