libcli/security: conditional ACEs check again for NULL/empty claims

author Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Thu, 28 Sep 2023 23:24:14 +0000 (12:24 +1300)

committer Andrew Bartlett <abartlet@samba.org>

Fri, 29 Sep 2023 02:18:34 +0000 (02:18 +0000)
author Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Thu, 28 Sep 2023 23:24:14 +0000 (12:24 +1300)
committer Andrew Bartlett <abartlet@samba.org>
Fri, 29 Sep 2023 02:18:34 +0000 (02:18 +0000)
diff --git a/libcli/security/conditional_ace.c b/libcli/security/conditional_ace.c

index 50935a20a5392deb9a2fd35ffe4178c91a3a24ec..bd685abbc7e0d9ebe21003e369dbb946d4e14102 100644 (file)
--- a/libcli/security/conditional_ace.c
+++ b/libcli/security/conditional_ace.c
@@ -830,6 +830,15 @@ static bool token_claim_lookup(
                 return false;
         }
  
+       if (num_claims == 0) {
+               DBG_NOTICE("There are no type %u claims\n", op->type);
+               return false;
+       }
+       if (claims == NULL) {
+               DBG_ERR("Type %u claim list unexpectedly NULL!\n", op->type);
+               result->type = CONDITIONAL_ACE_SAMBA_RESULT_ERROR;
+               return false;
+       }
         /*
          * Loop backwards: a later claim will override an earlier one with the
          * same name.
author	Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
	Thu, 28 Sep 2023 23:24:14 +0000 (12:24 +1300)
committer	Andrew Bartlett <abartlet@samba.org>
	Fri, 29 Sep 2023 02:18:34 +0000 (02:18 +0000)