getcifsacl: ensure that we don't overrun the wbcDomainSid when converting

If we get a SID that contains more than 15 subauthorities, we'll end up
overrunning the struct wbcDomainSid. Just ignore any past 15.

Signed-off-by: Jeff Layton <jlayton@samba.org>

diff --git a/getcifsacl.c b/getcifsacl.c
index 256b2ad09dfd323750fece35d8cb517e6010b84d..3f94a99ea4bebd21c1b8b4ee0ecc338b8ef5e0c4 100644 (file)
--- a/getcifsacl.c
+++ b/getcifsacl.c
@@ -180,12 +180,14 @@ static void
 csid_to_wsid(struct wbcDomainSid *wsid, const struct cifs_sid *csid)
 {
        int i;
+       uint8_t num_subauth = (csid->num_subauth <= WBC_MAXSUBAUTHS) ?
+                               csid->num_subauth : WBC_MAXSUBAUTHS;
 
        wsid->sid_rev_num = csid->revision;
-       wsid->num_auths = csid->num_subauth;
+       wsid->num_auths = num_subauth;
        for (i = 0; i < NUM_AUTHS; i++)
                wsid->id_auth[i] = csid->authority[i];
-       for (i = 0; i < csid->num_subauth; i++)
+       for (i = 0; i < num_subauth; i++)
                wsid->sub_auths[i] = le32toh(csid->sub_auth[i]);
 }