libcli/security: sddl conditional ACE: write -0 when asked

Credit to OSS-Fuzz.

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65122

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/libcli/security/sddl_conditional_ace.c b/libcli/security/sddl_conditional_ace.c
index 75a80e758ad46f02ada033b4e2ecbb7a2098d24a..e9d83b7f9c15cacfb23e0c8f0698bd7d452d9b21 100644 (file)
--- a/libcli/security/sddl_conditional_ace.c
+++ b/libcli/security/sddl_conditional_ace.c
@@ -653,11 +653,16 @@ static bool sddl_write_int(struct sddl_write_context *ctx,
        }
        sign_char = (sign == CONDITIONAL_ACE_INT_SIGN_NEGATIVE) ? '-' : '+';
        /*
-        * We can use "%+ld" for the decimal sign, but "%+lx" and "%+lo" are
-        * invalid because %o and %x are unsigned.
+        * We can use "%+ld" for the decimal sign (except -0), but
+        * "%+lx" and "%+lo" are invalid because %o and %x are
+        * unsigned.
         */
        if (base == CONDITIONAL_ACE_INT_BASE_10) {
-               snprintf(buf, sizeof(buf), "%+"PRId64, v);
+               if (v == 0) {
+                       snprintf(buf, sizeof(buf), "%c0", sign_char);
+               } else {
+                       snprintf(buf, sizeof(buf), "%+"PRId64, v);
+               }
                return sddl_write(ctx, buf);
        }
 

diff --git a/selftest/knownfail.d/sddl-conditional-ace b/selftest/knownfail.d/sddl-conditional-ace
deleted file mode 100644 (file)
index f253ee9..0000000
--- a/selftest/knownfail.d/sddl-conditional-ace
+++ /dev/null
@@ -1 +0,0 @@
-samba.unittests.sddl_conditional_ace.test_round_trips