ndr: ignore trailing bytes in ndr_pull_security_ace()
authorDouglas Bagnall <douglas.bagnall@catalyst.net.nz>
Mon, 8 Jan 2024 02:05:35 +0000 (15:05 +1300)
committerJule Anger <janger@samba.org>
Mon, 12 Feb 2024 10:53:13 +0000 (10:53 +0000)
This returns the behaviour with ordinary ACEs to where it was with 4.19.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
(cherry picked from commit 0c1f421c107be3156b3f1db75aced24a1bca3d2f)

librpc/ndr/ndr_sec_helper.c

index 508bcd219dda10be2f87f5c2bd8c45f5ca56ecf3..f870a17aafc64589977824e96685e3a6ccc3bf37 100644 (file)
@@ -113,7 +113,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_security_ace(struct ndr_pull *ndr, ndr_flags
                NDR_CHECK(ndr_maybe_pull_security_ace_object_ctr(ndr, NDR_SCALARS, r));
                NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, &r->trustee));
                sub_size = ndr_subcontext_size_of_ace_coda(r, r->size, ndr->flags);
-               if (sub_size == 0) {
+               if (!sec_ace_has_extra_blob(r->type) || sub_size == 0) {
                        r->coda.ignored.data = NULL;
                        r->coda.ignored.length = 0;
                } else {
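Review bot: The new condition on the `if` deliberately discards any bytes after the trustee SID for ACE types without an extra blob, but nothing in the code says so, and a later reader could take the silent drop for a parsing bug. A comment above the `if` would record the intent, for example `/* Ordinary ACEs: tolerate and drop trailing bytes (4.19 behaviour); only blob-bearing types keep a coda. */`. It is also worth stating there that such an ACE will not round-trip byte-for-byte, since `coda.ignored` is emptied while `r->size` keeps the on-wire value, which matters to any caller that compares or hashes re-marshalled descriptors. The hunk does not show how the unread bytes are skipped so that the next ACE starts at the right offset, nor what happens if `sub_size` is negative; both sit in the part of `ndr_pull_security_ace()` that lies outside the hunk and should be checked against this change.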