From 1b8b599408f9c20cf87341c989005f5e716ad2ee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= <jpandre@users.sourceforge.net>
Date: Wed, 4 May 2016 09:27:32 +0200
Subject: [PATCH] Checked the number of subauthorities before accessing them

Be more crash resistent when analyzing a badly formed SID.
(contributed by Ulf Zibis)
---
 ntfsprogs/ntfssecaudit.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/ntfsprogs/ntfssecaudit.c b/ntfsprogs/ntfssecaudit.c
index cde4477e..b243badf 100644
--- a/ntfsprogs/ntfssecaudit.c
+++ b/ntfsprogs/ntfssecaudit.c
@@ -971,10 +971,11 @@ static void showsid(const char *attr, int off, const char *prefix, int level)
 		marker = ' ';
 	cnt = attr[off+1] & 255;
 	auth = get6h(attr,off+2);
-	first = get4l(attr,off+8);
 	known = FALSE;
 	if ((attr[off] == 1) /* revision */
-	     && (auth < 100))
+	     && cnt
+	     && (auth < 100)) {
+		first = get4l(attr,off+8);
 		switch (cnt) {
 		case 0 : /* no level (error) */
 			break;
@@ -1105,6 +1106,7 @@ static void showsid(const char *attr, int off, const char *prefix, int level)
 				break;
 			}
 		}
+	}
 	if (!known)
 		printf("%*cUnknown SID\n",-level,marker);
 	printf("%*c%shex S-%d-",-level,marker,prefix,attr[off] & 255);