From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Mon, 8 Jan 2024 02:05:35 +0000 (+1300)
Subject: ndr: ignore trailing bytes in ndr_pull_security_ace()
X-Git-Url: http://git.samba.org/?a=commitdiff_plain;h=7f338d6119acd5a3129248d4e61df626f4087560;p=janger%2Fsamba-autobuild-v4-20-test%2F.git

ndr: ignore trailing bytes in ndr_pull_security_ace()

This returns the behaviour with ordinary ACEs to where it was with 4.19.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
(cherry picked from commit 0c1f421c107be3156b3f1db75aced24a1bca3d2f)
---

diff --git a/librpc/ndr/ndr_sec_helper.c b/librpc/ndr/ndr_sec_helper.c
index 508bcd219dd..f870a17aafc 100644
--- a/librpc/ndr/ndr_sec_helper.c
+++ b/librpc/ndr/ndr_sec_helper.c
@@ -113,7 +113,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_security_ace(struct ndr_pull *ndr, ndr_flags
 		NDR_CHECK(ndr_maybe_pull_security_ace_object_ctr(ndr, NDR_SCALARS, r));
 		NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, &r->trustee));
 		sub_size = ndr_subcontext_size_of_ace_coda(r, r->size, ndr->flags);
-		if (sub_size == 0) {
+		if (!sec_ace_has_extra_blob(r->type) || sub_size == 0) {
 			r->coda.ignored.data = NULL;
 			r->coda.ignored.length = 0;
 		} else {