diff options
| author | Jeremy Allison <jra@samba.org> | 2013-11-07 21:40:55 -0800 |
|---|---|---|
| committer | Karolin Seeger <kseeger@samba.org> | 2013-12-09 07:05:46 +0100 |
| commit | 0dc618189469bf389a583eb346ddc6acaad1c644 (patch) | |
| tree | c2a788305792a22c554009077b5ffc9695bd5bbd /source3/lib/netapi/localgroup.c | |
| parent | b0ba4a562112fc707f540e1ff7c8e55ea02479c9 (diff) | |
| download | samba-0dc618189469bf389a583eb346ddc6acaad1c644.tar.gz samba-0dc618189469bf389a583eb346ddc6acaad1c644.tar.xz samba-0dc618189469bf389a583eb346ddc6acaad1c644.zip | |
CVE-2013-4408:s3:Ensure LookupNames replies arrays are range checked.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Diffstat (limited to 'source3/lib/netapi/localgroup.c')
| -rw-r--r-- | source3/lib/netapi/localgroup.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/source3/lib/netapi/localgroup.c b/source3/lib/netapi/localgroup.c index 6501eddcc6..241970da3c 100644 --- a/source3/lib/netapi/localgroup.c +++ b/source3/lib/netapi/localgroup.c @@ -58,6 +58,12 @@ static NTSTATUS libnetapi_samr_lookup_and_open_alias(TALLOC_CTX *mem_ctx, if (!NT_STATUS_IS_OK(result)) { return result; } + if (user_rids.count != 1) { + return NT_STATUS_INVALID_NETWORK_RESPONSE; + } + if (name_types.count != 1) { + return NT_STATUS_INVALID_NETWORK_RESPONSE; + } switch (name_types.ids[0]) { case SID_NAME_ALIAS: @@ -1041,7 +1047,7 @@ static NTSTATUS libnetapi_lsa_lookup_names3(TALLOC_CTX *mem_ctx, NT_STATUS_NOT_OK_RETURN(result); if (count != 1 || sids.count != 1) { - return NT_STATUS_NONE_MAPPED; + return NT_STATUS_INVALID_NETWORK_RESPONSE; } sid_copy(sid, sids.sids[0].sid); |