libcli/security: allow round-trip for conditional ACE hex integers

As with the previous commit, though not addressing the particular fuzz
case, zero hex numbers need to be explicitly written as "0x0", or the
round-trip will fail.

Credit to OSS-Fuzz.

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62929

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/libcli/security/sddl_conditional_ace.c b/libcli/security/sddl_conditional_ace.c
index 46dd1714ba5a1a91e71954d9eefa376ef9ee4906..3d87a2bfafb0d7f4effac274bd8008a30bb4185a 100644 (file)
--- a/libcli/security/sddl_conditional_ace.c
+++ b/libcli/security/sddl_conditional_ace.c
@@ -639,7 +639,7 @@ static bool sddl_write_int(struct sddl_write_context *ctx,
                } else if (base == CONDITIONAL_ACE_INT_BASE_10) {
                        snprintf(buf, sizeof(buf), "%"PRId64, v);
                } else {
-                       snprintf(buf, sizeof(buf), "%#"PRIx64, v);
+                       snprintf(buf, sizeof(buf), "0x%"PRIx64, v);
                }
                return sddl_write(ctx, buf);
        }
@@ -675,7 +675,7 @@ static bool sddl_write_int(struct sddl_write_context *ctx,
        if (base == CONDITIONAL_ACE_INT_BASE_8) {
                snprintf(buf + 1, sizeof(buf) - 1, "0%llo", llabs(v));
        } else {
-               snprintf(buf + 1, sizeof(buf) - 1, "%#llx", llabs(v));
+               snprintf(buf + 1, sizeof(buf) - 1, "0x%llx", llabs(v));
        }
        return sddl_write(ctx, buf);
 }