s4:dsdb/schema_syntax: fix dsdb_syntax_INT32/64_validate_ldb() with large values

We need to reject large values given as an unsigned number value,
the caller needs to give the signed value or negative numbers.

metze

diff --git a/source4/dsdb/schema/schema_syntax.c b/source4/dsdb/schema/schema_syntax.c
index b434b6b0a5f71eec690bc638dc64ac358e5cec81..6f8d3c1d44998d62326f878c2fd534f887a325a0 100644 (file)
--- a/source4/dsdb/schema/schema_syntax.c
+++ b/source4/dsdb/schema/schema_syntax.c
@@ -369,6 +369,7 @@ static WERROR dsdb_syntax_INT32_validate_ldb(const struct dsdb_syntax_ctx *ctx,
 
        for (i=0; i < in->num_values; i++) {
                long v;
+               long n;
                char buf[sizeof("-2147483648")];
                char *end = NULL;
 
@@ -387,6 +388,24 @@ static WERROR dsdb_syntax_INT32_validate_ldb(const struct dsdb_syntax_ctx *ctx,
                        return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
                }
 
+               n = v & UINT32_MAX;
+
+               if (n != v) {
+                       return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
+               }
+
+               if ((v & INT32_MIN) && buf[0] != '-') {
+                       /*
+                        * if the 0x80000000 bit is set, it is a negative
+                        * value. We need to make sure the it was given
+                        * as a negativ string value.
+                        *
+                        * We need to accept '-2147483647', but reject
+                        * '2147483649', both represent 0x80000001.
+                        */
+                       return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
+               }
+
                if (attr->rangeLower) {
                        if ((int32_t)v < (int32_t)*attr->rangeLower) {
                                return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
@@ -494,6 +513,7 @@ static WERROR dsdb_syntax_INT64_validate_ldb(const struct dsdb_syntax_ctx *ctx,
 
        for (i=0; i < in->num_values; i++) {
                long long v;
+               long long n;
                char buf[sizeof("-9223372036854775808")];
                char *end = NULL;
 
@@ -512,6 +532,26 @@ static WERROR dsdb_syntax_INT64_validate_ldb(const struct dsdb_syntax_ctx *ctx,
                        return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
                }
 
+               n = v & UINT64_MAX;
+
+               if (n != v) {
+                       return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
+               }
+
+               if ((v & INT64_MIN) && buf[0] != '-') {
+                       /*
+                        * if the 0x8000000000000000 bit is set,
+                        * it is a negative value. We need to
+                        * make sure the it was given as a negative
+                        * string value.
+                        *
+                        * We need to accept '-9223372036854775807',
+                        * but reject '9223372036854775809',
+                        * both represent 0x8000000000000001.
+                        */
+                       return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
+               }
+
                if (attr->rangeLower) {
                        if ((int64_t)v < (int64_t)*attr->rangeLower) {
                                return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;