From 272f26e3ad01a6017b52a992123106777ed3aaa3 Mon Sep 17 00:00:00 2001
From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Date: Fri, 29 Sep 2023 12:24:14 +1300
Subject: [PATCH] libcli/security: conditional ACEs check again for NULL/empty
 claims

CID 1545152.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
 libcli/security/conditional_ace.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/libcli/security/conditional_ace.c b/libcli/security/conditional_ace.c
index 50935a20a53..bd685abbc7e 100644
--- a/libcli/security/conditional_ace.c
+++ b/libcli/security/conditional_ace.c
@@ -830,6 +830,15 @@ static bool token_claim_lookup(
 		return false;
 	}
 
+	if (num_claims == 0) {
+		DBG_NOTICE("There are no type %u claims\n", op->type);
+		return false;
+	}
+	if (claims == NULL) {
+		DBG_ERR("Type %u claim list unexpectedly NULL!\n", op->type);
+		result->type = CONDITIONAL_ACE_SAMBA_RESULT_ERROR;
+		return false;
+	}
 	/*
 	 * Loop backwards: a later claim will override an earlier one with the
 	 * same name.
-- 
2.11.4.GIT