libcli/security: check again for NULL values

BUG: https://bugzilla.samba.org/show_bug.cgi?id=156067

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Mar 18 02:51:08 UTC 2024 on atb-devel-224

(cherry picked from commit b815abe77991d7929717ea3ed4b9d7bef7179715)

Autobuild-User(v4-20-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-20-test): Wed Mar 20 12:03:45 UTC 2024 on atb-devel-224

diff --git a/libcli/security/claims-conversions.c b/libcli/security/claims-conversions.c
index 0d3b06de4fe8089bb1cba271fafe746ada22f0d6..ccf1375fc8f990361934aa05262c1342fa0c3022 100644 (file)
--- a/libcli/security/claims-conversions.c
+++ b/libcli/security/claims-conversions.c
@@ -262,6 +262,9 @@ static bool claim_v1_offset_to_ace_token(
        uint8_t f = claim->flags & CLAIM_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE;
        result->flags = f | CONDITIONAL_ACE_FLAG_TOKEN_FROM_ATTR;
 
+       if (claim->values[offset].int_value == NULL) {
+               return false;
+       }
        switch (claim->value_type) {
        case CLAIM_SECURITY_ATTRIBUTE_TYPE_INT64:
                return claim_v1_int_to_ace_int(claim, offset, result);