$OpenBSD: patch-source3_lib_netapi_group_c,v 1.2 2014/04/10 00:50:58 brad Exp $

DCE-RPC fragment length field is incorrectly checked.
CVE-2013-4408

--- source3/lib/netapi/group.c.orig	Wed May  8 04:16:26 2013
+++ source3/lib/netapi/group.c	Wed Apr  9 17:25:42 2014
@@ -386,7 +386,15 @@ WERROR NetGroupDel_r(struct libnetapi_ctx *ctx,
 		werr = ntstatus_to_werror(result);
 		goto done;
 	}
+	if (names.count != rid_array->count) {
+		werr = WERR_BAD_NET_RESP;
+		goto done;
 	}
+	if (member_types.count != rid_array->count) {
+		werr = WERR_BAD_NET_RESP;
+		goto done;
+	}
+	}
 
 	for (i=0; i < rid_array->count; i++) {
 
@@ -1556,6 +1564,14 @@ WERROR NetGroupGetUsers_r(struct libnetapi_ctx *ctx,
 	}
 	if (!NT_STATUS_IS_OK(result)) {
 		werr = ntstatus_to_werror(result);
+		goto done;
+	}
+	if (names.count != rid_array->count) {
+		werr = WERR_BAD_NET_RESP;
+		goto done;
+	}
+	if (member_types.count != rid_array->count) {
+		werr = WERR_BAD_NET_RESP;
 		goto done;
 	}
 
