diff options
author | Jeremy Allison <jra@samba.org> | 2013-11-07 21:40:55 -0800 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2013-12-09 07:05:46 +0100 |
commit | 0dc618189469bf389a583eb346ddc6acaad1c644 (patch) | |
tree | c2a788305792a22c554009077b5ffc9695bd5bbd /source4/libcli | |
parent | b0ba4a562112fc707f540e1ff7c8e55ea02479c9 (diff) | |
download | samba-0dc618189469bf389a583eb346ddc6acaad1c644.tar.gz samba-0dc618189469bf389a583eb346ddc6acaad1c644.tar.xz samba-0dc618189469bf389a583eb346ddc6acaad1c644.zip |
CVE-2013-4408:s3:Ensure LookupNames replies arrays are range checked.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Diffstat (limited to 'source4/libcli')
-rw-r--r-- | source4/libcli/util/clilsa.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/source4/libcli/util/clilsa.c b/source4/libcli/util/clilsa.c index cc0dae5984f..0437352e757 100644 --- a/source4/libcli/util/clilsa.c +++ b/source4/libcli/util/clilsa.c @@ -335,7 +335,11 @@ NTSTATUS smblsa_lookup_name(struct smbcli_state *cli, } if (sids.count != 1) { talloc_free(mem_ctx2); - return NT_STATUS_UNSUCCESSFUL; + return NT_STATUS_INVALID_NETWORK_RESPONSE; + } + if (domains->count != 1) { + talloc_free(mem_ctx2); + return NT_STATUS_INVALID_NETWORK_RESPONSE; } sid = domains->domains[0].sid; |