libcli/security: Initialize conditional ACE token

If the ‘flags’ member is not initialized, we invoke undefined behaviour
when trying to push or evaluate the parsed conditional ACE.

One way this issue can manifest is in the mysterious failure of Unicode
comparisons owing to the CLAIM_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE
flag being set when it shouldn’t.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/libcli/security/conditional_ace.c b/libcli/security/conditional_ace.c
index a84060ce6988ee6dc07642a798d6f0323b2217ef..6fb0cd3a38bb9feaef5d94f9e6b64a4a8ea2dcd4 100644 (file)
--- a/libcli/security/conditional_ace.c
+++ b/libcli/security/conditional_ace.c
@@ -322,7 +322,7 @@ static ssize_t pull_composite(TALLOC_CTX *mem_ctx,
                uint8_t *el_data = NULL;
                size_t available;
                bool ok;
-               el->type = data[i];
+               *el = (struct ace_condition_token) { .type = data[i] };
                i++;
 
                el_data = data + i;