$OpenBSD: patch-source3_lib_netapi_group_c,v 1.1 2014/02/06 04:33:24 brad Exp $

DCE-RPC fragment length field is incorrectly checked.
CVE-2013-4408

--- source3/lib/netapi/group.c.orig	Tue Jan 28 02:16:43 2014
+++ source3/lib/netapi/group.c	Tue Jan 28 02:16:43 2014
@@ -395,7 +395,15 @@ WERROR NetGroupDel_r(struct libnetapi_ctx *ctx,
 		werr = ntstatus_to_werror(result);
 		goto done;
 	}
+	if (names.count != rid_array->count) {
+		werr = WERR_BAD_NET_RESP;
+		goto done;
 	}
+	if (member_types.count != rid_array->count) {
+		werr = WERR_BAD_NET_RESP;
+		goto done;
+	}
+	}
 
 	for (i=0; i < rid_array->count; i++) {
 
@@ -1621,6 +1629,14 @@ WERROR NetGroupGetUsers_r(struct libnetapi_ctx *ctx,
 	}
 	if (!NT_STATUS_IS_OK(result)) {
 		werr = ntstatus_to_werror(result);
+		goto done;
+	}
+	if (names.count != rid_array->count) {
+		werr = WERR_BAD_NET_RESP;
+		goto done;
+	}
+	if (member_types.count != rid_array->count) {
+		werr = WERR_BAD_NET_RESP;
 		goto done;
 	}
 
