summaryrefslogtreecommitdiffstats
path: root/source4/libcli
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2013-11-07 21:40:55 -0800
committerKarolin Seeger <kseeger@samba.org>2013-12-09 07:05:46 +0100
commit0dc618189469bf389a583eb346ddc6acaad1c644 (patch)
treec2a788305792a22c554009077b5ffc9695bd5bbd /source4/libcli
parentb0ba4a562112fc707f540e1ff7c8e55ea02479c9 (diff)
downloadsamba-0dc618189469bf389a583eb346ddc6acaad1c644.tar.gz
samba-0dc618189469bf389a583eb346ddc6acaad1c644.tar.xz
samba-0dc618189469bf389a583eb346ddc6acaad1c644.zip
CVE-2013-4408:s3:Ensure LookupNames replies arrays are range checked.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185 Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Jeremy Allison <jra@samba.org>
Diffstat (limited to 'source4/libcli')
-rw-r--r--source4/libcli/util/clilsa.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/source4/libcli/util/clilsa.c b/source4/libcli/util/clilsa.c
index cc0dae5984f..0437352e757 100644
--- a/source4/libcli/util/clilsa.c
+++ b/source4/libcli/util/clilsa.c
@@ -335,7 +335,11 @@ NTSTATUS smblsa_lookup_name(struct smbcli_state *cli,
}
if (sids.count != 1) {
talloc_free(mem_ctx2);
- return NT_STATUS_UNSUCCESSFUL;
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ }
+ if (domains->count != 1) {
+ talloc_free(mem_ctx2);
+ return NT_STATUS_INVALID_NETWORK_RESPONSE;
}
sid = domains->domains[0].sid;