diff options
author | Jeremy Allison <jra@samba.org> | 2013-11-07 20:38:01 -0800 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2013-12-09 07:05:46 +0100 |
commit | b0ba4a562112fc707f540e1ff7c8e55ea02479c9 (patch) | |
tree | 9c6e8f33f681e88367f0b822b8c9845cb4d1da38 /nsswitch/wbinfo.c | |
parent | a516ae6868386aa23f2beb52a576b0cf68042b1d (diff) | |
download | samba-b0ba4a562112fc707f540e1ff7c8e55ea02479c9.tar.gz samba-b0ba4a562112fc707f540e1ff7c8e55ea02479c9.tar.xz samba-b0ba4a562112fc707f540e1ff7c8e55ea02479c9.zip |
CVE-2013-4408:s3:Ensure LookupSids replies arrays are range checked.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Diffstat (limited to 'nsswitch/wbinfo.c')
-rw-r--r-- | nsswitch/wbinfo.c | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/nsswitch/wbinfo.c b/nsswitch/wbinfo.c index 61acd1aa9e1..cc75fc30a16 100644 --- a/nsswitch/wbinfo.c +++ b/nsswitch/wbinfo.c @@ -1395,15 +1395,25 @@ static bool wbinfo_lookup_sids(const char *arg) } for (i=0; i<num_sids; i++) { + const char *domain = NULL; + wbcSidToStringBuf(&sids[i], sidstr, sizeof(sidstr)); + if (names[i].domain_index >= num_domains) { + domain = "<none>"; + } else if (names[i].domain_index < 0) { + domain = "<none>"; + } else { + domain = domains[names[i].domain_index].short_name; + } + if (names[i].type == WBC_SID_NAME_DOMAIN) { d_printf("%s -> %s %d\n", sidstr, - domains[names[i].domain_index].short_name, + domain, names[i].type); } else { d_printf("%s -> %s%c%s %d\n", sidstr, - domains[names[i].domain_index].short_name, + domain, winbind_separator(), names[i].name, names[i].type); } |