CVE-2013-4408:s3:Ensure LookupSids replies arrays are range checked.
[samba.git] / nsswitch / libwbclient / wbc_sid.c
index 6df8a3c375f328e5b190a0bbc9544b70f8e72437..35319c536e7ea4faef634803991d8d326ef28286 100644 (file)
@@ -421,6 +421,13 @@ wbcErr wbcLookupSids(const struct wbcDomainSid *sids, int num_sids,
        for (i=0; i<num_names; i++) {
 
                names[i].domain_index = strtoul(p, &q, 10);
+               if (names[i].domain_index < 0) {
+                       goto wbc_err_invalid;
+               }
+               if (names[i].domain_index >= num_domains) {
+                       goto wbc_err_invalid;
+               }
+
                if (*q != ' ') {
                        goto wbc_err_invalid;
                }
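Review bot: The added `< 0` and `>= num_domains` checks run after the `strtoul()` result has already been stored in `names[i].domain_index`, so they test the narrowed value rather than the number that was in the reply. The `< 0` test suggests the field is a signed int; if so, a reply value wider than the field is converted before it is checked and could wrap into the valid range, which is worth confirming against the struct definition. A field with no digits at all also leaves `q == p` and yields index 0, which passes both checks. I would parse into a local and validate it before storing, assuming `num_domains` is a non-negative count at this point: `unsigned long idx = strtoul(p, &q, 10);` then `if (q == p || idx >= (unsigned long)num_domains) goto wbc_err_invalid;` then `names[i].domain_index = (int)idx;`. The body of wbcLookupSids starts and ends outside this hunk, so the declarations of `num_domains` and the `wbc_err_invalid` label are not visible here.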