diff options
| author | Jeremy Allison <jra@samba.org> | 2013-11-07 22:41:22 -0800 |
|---|---|---|
| committer | Karolin Seeger <kseeger@samba.org> | 2013-12-09 09:00:41 +0100 |
| commit | f799f63e4312b25d3c671e7a4072607fdba0c768 (patch) | |
| tree | cf7bde894e1f9684328abfa05849108f822ab054 /source3/lib/netapi/group.c | |
| parent | 0dc618189469bf389a583eb346ddc6acaad1c644 (diff) | |
| download | samba-f799f63e4312b25d3c671e7a4072607fdba0c768.tar.gz samba-f799f63e4312b25d3c671e7a4072607fdba0c768.tar.xz samba-f799f63e4312b25d3c671e7a4072607fdba0c768.zip | |
CVE-2013-4408:s3:Ensure LookupRids() replies arrays are range checked.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Mon Dec 9 09:00:41 CET 2013 on sn-devel-104
Diffstat (limited to 'source3/lib/netapi/group.c')
| -rw-r--r-- | source3/lib/netapi/group.c | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/source3/lib/netapi/group.c b/source3/lib/netapi/group.c index ea0414614d..6d9b248968 100644 --- a/source3/lib/netapi/group.c +++ b/source3/lib/netapi/group.c @@ -395,6 +395,14 @@ WERROR NetGroupDel_r(struct libnetapi_ctx *ctx, werr = ntstatus_to_werror(result); goto done; } + if (names.count != rid_array->count) { + werr = WERR_BAD_NET_RESP; + goto done; + } + if (member_types.count != rid_array->count) { + werr = WERR_BAD_NET_RESP; + goto done; + } } for (i=0; i < rid_array->count; i++) { @@ -1624,6 +1632,14 @@ WERROR NetGroupGetUsers_r(struct libnetapi_ctx *ctx, werr = ntstatus_to_werror(result); goto done; } + if (names.count != rid_array->count) { + werr = WERR_BAD_NET_RESP; + goto done; + } + if (member_types.count != rid_array->count) { + werr = WERR_BAD_NET_RESP; + goto done; + } for (i=0; i < names.count; i++) { |