$OpenBSD: patch-source3_utils_net_rpc_c,v 1.2 2014/04/10 00:50:58 brad Exp $

DCE-RPC fragment length field is incorrectly checked.
CVE-2013-4408

--- source3/utils/net_rpc.c.orig	Wed May  8 04:16:26 2013
+++ source3/utils/net_rpc.c	Wed Apr  9 17:25:43 2014
@@ -2865,7 +2865,12 @@ static NTSTATUS rpc_list_group_members(struct net_cont
 		if (!NT_STATUS_IS_OK(result)) {
 			return result;
 		}
-
+		if (names.count != this_time) {
+			return NT_STATUS_INVALID_NETWORK_RESPONSE;
+		}
+		if (types.count != this_time) {
+			return NT_STATUS_INVALID_NETWORK_RESPONSE;
+		}
 		/* We only have users as members, but make the output
 		   the same as the output of alias members */
 
