CVE-2013-4408:s3:Ensure LookupNames replies arrays are range checked.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185 Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Jeremy Allison <jra@samba.org>
author: Jeremy Allison <jra@samba.org> 2013-11-07 21:40:55 -0800
committer: Karolin Seeger <kseeger@samba.org> 2013-12-09 07:05:46 +0100
commit: 0dc618189469bf389a583eb346ddc6acaad1c644 (patch)
tree: c2a788305792a22c554009077b5ffc9695bd5bbd /source4/libcli
parent: b0ba4a562112fc707f540e1ff7c8e55ea02479c9 (diff)
download: samba-0dc618189469bf389a583eb346ddc6acaad1c644.tar.gz
samba-0dc618189469bf389a583eb346ddc6acaad1c644.tar.xz
samba-0dc618189469bf389a583eb346ddc6acaad1c644.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/source4/libcli/util/clilsa.c b/source4/libcli/util/clilsa.c
index cc0dae5984f..0437352e757 100644
--- a/source4/libcli/util/clilsa.c
+++ b/source4/libcli/util/clilsa.c
@@ -335,7 +335,11 @@ NTSTATUS smblsa_lookup_name(struct smbcli_state *cli,
 	}
 	if (sids.count != 1) {
 		talloc_free(mem_ctx2);
-		return NT_STATUS_UNSUCCESSFUL;
+		return NT_STATUS_INVALID_NETWORK_RESPONSE;
+	}
+	if (domains->count != 1) {
+		talloc_free(mem_ctx2);
+		return NT_STATUS_INVALID_NETWORK_RESPONSE;
 	}
 
 	sid = domains->domains[0].sid;
author	Jeremy Allison <jra@samba.org>	2013-11-07 21:40:55 -0800
committer	Karolin Seeger <kseeger@samba.org>	2013-12-09 07:05:46 +0100
commit	0dc618189469bf389a583eb346ddc6acaad1c644 (patch)
tree	c2a788305792a22c554009077b5ffc9695bd5bbd /source4/libcli
parent	b0ba4a562112fc707f540e1ff7c8e55ea02479c9 (diff)
download	samba-0dc618189469bf389a583eb346ddc6acaad1c644.tar.gz samba-0dc618189469bf389a583eb346ddc6acaad1c644.tar.xz samba-0dc618189469bf389a583eb346ddc6acaad1c644.zip