CVE-2013-4408:s3:Ensure LookupNames replies arrays are range checked.

[gd/samba-autobuild/.git] / source3 / lib / netapi / localgroup.c

diff --git a/source3/lib/netapi/localgroup.c b/source3/lib/netapi/localgroup.c
index 6501eddcc63b9afccbdb336641a0f7093f8f7b2e..241970da3c80b233bc43b7fbc983f9c91b34be5b 100644 (file)
--- a/source3/lib/netapi/localgroup.c
+++ b/source3/lib/netapi/localgroup.c
@@ -58,6 +58,12 @@ static NTSTATUS libnetapi_samr_lookup_and_open_alias(TALLOC_CTX *mem_ctx,
        if (!NT_STATUS_IS_OK(result)) {
                return result;
        }
+       if (user_rids.count != 1) {
+               return NT_STATUS_INVALID_NETWORK_RESPONSE;
+       }
+       if (name_types.count != 1) {
+               return NT_STATUS_INVALID_NETWORK_RESPONSE;
+       }
 
        switch (name_types.ids[0]) {
                case SID_NAME_ALIAS:
@@ -1041,7 +1047,7 @@ static NTSTATUS libnetapi_lsa_lookup_names3(TALLOC_CTX *mem_ctx,
        NT_STATUS_NOT_OK_RETURN(result);
 
        if (count != 1 || sids.count != 1) {
-               return NT_STATUS_NONE_MAPPED;
+               return NT_STATUS_INVALID_NETWORK_RESPONSE;
        }
 
        sid_copy(sid, sids.sids[0].sid);