libcli/security Use sid_append_rid() in dom_sid_append_rid()

This ensures that the maximum number of sub-authorities is respected,
otherwise we may run off the end of the array.

Andrew Bartlett

diff --git a/libcli/security/dom_sid.c b/libcli/security/dom_sid.c
index f0447333168614ee7f7e7d4fa67f5255d9f83c0e..373f4ae17560f5c79c1635d62ea99dd666cfc1b1 100644 (file)
--- a/libcli/security/dom_sid.c
+++ b/libcli/security/dom_sid.c
@@ -272,13 +272,13 @@ struct dom_sid *dom_sid_add_rid(TALLOC_CTX *mem_ctx,
 {
        struct dom_sid *sid;
 
-       sid = talloc(mem_ctx, struct dom_sid);
+       sid = dom_sid_dup(mem_ctx, domain_sid);
        if (!sid) return NULL;
 
-       *sid = *domain_sid;
-
-       sid->sub_auths[sid->num_auths] = rid;
-       sid->num_auths++;
+       if (!sid_append_rid(sid, rid)) {
+               talloc_free(sid);
+               return NULL;
+       }
 
        return sid;
 }