From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Fri, 24 Nov 2023 04:59:24 +0000 (+1300)
Subject: libcli/security: don't allow two NULL string claims
X-Git-Tag: talloc-2.4.2~505
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4ebb488e512dcaeb1aa1866dd40d2515f9c5da96;p=thirdparty%2Fsamba.git

libcli/security: don't allow two NULL string claims

This restores the behaviour with regard to duplicate NULL strings that
existed before the last commit. I'm putting it separately, because it
seems so strange, and I not entirely certain the behaviour is
intentional.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/libcli/security/claims-conversions.c b/libcli/security/claims-conversions.c
index 9ae2aee7208..e73771e0e12 100644
--- a/libcli/security/claims-conversions.c
+++ b/libcli/security/claims-conversions.c
@@ -837,7 +837,7 @@ NTSTATUS token_claims_to_claims_v1(TALLOC_CTX *mem_ctx,
 			{
 				const struct CLAIM_STRING *values = &claim_entry->values.claim_string;
 				uint32_t k, m;
-
+				bool seen_empty = false;
 				n_values = values->value_count;
 				value_type = CLAIM_SECURITY_ATTRIBUTE_TYPE_STRING;
 
@@ -861,6 +861,21 @@ NTSTATUS token_claims_to_claims_v1(TALLOC_CTX *mem_ctx,
 						}
 						claim_values[m].string_value = string_value;
 						m++;
+					} else {
+						/*
+						 * We allow one NULL string
+						 * per claim, but not two,
+						 * because two would be a
+						 * duplicate, and we don't
+						 * want those (duplicates in
+						 * actual values are checked
+						 * later).
+						 */
+						if (seen_empty) {
+							talloc_free(claims);
+							return NT_STATUS_INVALID_PARAMETER;
+						}
+						seen_empty = true;
 					}
 				}
 				n_values = m;