From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Thu, 28 Sep 2023 23:24:14 +0000 (+1300)
Subject: libcli/security: conditional ACEs check again for NULL/empty claims
X-Git-Tag: tevent-0.16.0~310
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=272f26e3ad01a6017b52a992123106777ed3aaa3;p=thirdparty%2Fsamba.git

libcli/security: conditional ACEs check again for NULL/empty claims

CID 1545152.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/libcli/security/conditional_ace.c b/libcli/security/conditional_ace.c
index 50935a20a53..bd685abbc7e 100644
--- a/libcli/security/conditional_ace.c
+++ b/libcli/security/conditional_ace.c
@@ -830,6 +830,15 @@ static bool token_claim_lookup(
 		return false;
 	}
 
+	if (num_claims == 0) {
+		DBG_NOTICE("There are no type %u claims\n", op->type);
+		return false;
+	}
+	if (claims == NULL) {
+		DBG_ERR("Type %u claim list unexpectedly NULL!\n", op->type);
+		result->type = CONDITIONAL_ACE_SAMBA_RESULT_ERROR;
+		return false;
+	}
 	/*
 	 * Loop backwards: a later claim will override an earlier one with the
 	 * same name.