| commit | 78f728063a1e510966a45f7f1d9515ea3bd16214 | |
| author | Douglas Bagnall <douglas.bagnall@catalyst.net.nz> | |
| Sun, 17 Mar 2024 10:07:17 +0000 (17 23:07 +1300) | ||
| committer | Andrew Bartlett <abartlet@samba.org> | |
| Mon, 18 Mar 2024 01:46:31 +0000 (18 01:46 +0000) | ||
| tree | 2b94f55283eeb3442a31e4173ed155a5654914cd | treesnapshot (tar.gz zip) |
| parent | 97a23e57dc88fe6b4a851bb0e0db09a4ee9b37fb | commitdiff |
libcli/security: claims_conversions: check for NULL in claims array
If by mistake we end up with a NULL in our array of claims pointers,
it is better to return an error than crash.
There can be NULLs in the array if a resource attribute ACE has a
claim that uses 0 as a relative data pointer. Samba assumes this means
a NULL pointer, rather than a zero offset.
Credit to OSS-Fuzz.
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66777
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15606
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
If by mistake we end up with a NULL in our array of claims pointers,
it is better to return an error than crash.
There can be NULLs in the array if a resource attribute ACE has a
claim that uses 0 as a relative data pointer. Samba assumes this means
a NULL pointer, rather than a zero offset.
Credit to OSS-Fuzz.
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66777
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15606
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
| libcli/security/claims-conversions.c | diffblobblamehistory |