CVE-2013-4408:s3:Ensure LookupNames replies arrays are range checked.
[samba.git] / source4 / libnet / groupinfo.c
index 44c21eed3fb82c9aa2b2790288dc63bad8306bc4..2b7963c8eebd446494289fafe33c32d5dd73f46e 100644 (file)
@@ -87,12 +87,16 @@ static void continue_groupinfo_lookup(struct tevent_req *subreq)
                
                s->monitor_fn(&msg);
        }
-       
 
        /* have we actually got name resolved
           - we're looking for only one at the moment */
-       if (s->lookup.out.rids->count == 0) {
-               composite_error(c, NT_STATUS_NO_SUCH_USER);
+       if (s->lookup.out.rids->count != s->lookup.in.num_names) {
+               composite_error(c, NT_STATUS_INVALID_NETWORK_RESPONSE);
+               return;
+       }
+       if (s->lookup.out.types->count != s->lookup.in.num_names) {
+               composite_error(c, NT_STATUS_INVALID_NETWORK_RESPONSE);
+               return;
        }
 
        /* TODO: find proper status code for more than one rid found */
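Review bot: The comment kept above the new checks (`have we actually got name resolved`) no longer describes them, since both `if` statements now validate the reply's array counts against `s->lookup.in.num_names`, which is what keeps any later indexing of `rids`/`types` in range. I would replace it with `/* reply counts come from the server: both arrays must match the number of names requested before they are indexed */`. Equality alone also holds when `num_names` is 0 and the reply arrays are empty, so if the code after the hunk reads element 0 (not visible here, though the comment suggests exactly one name is requested), the bound depends on the caller setting `num_names` to 1, which is worth stating or asserting at this point. A reply with a count of 0 is now reported as `NT_STATUS_INVALID_NETWORK_RESPONSE` rather than `NT_STATUS_NO_SUCH_USER`; that is presumably intended, but callers that match on the old status should be checked. The body of continue_groupinfo_lookup starts and ends outside the hunk.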