From 89bbc41d029e2327a9b9a3408c7552ce3e75e855 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 19 Apr 2010 15:50:11 +0200 Subject: libwbclient: Fix wbcListGroups against too small num_entries Thanks for the s4 winbind sending 0 here and Tridge to point it out to me :-) --- nsswitch/libwbclient/wbc_sid.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/nsswitch/libwbclient/wbc_sid.c b/nsswitch/libwbclient/wbc_sid.c index b3a683ddb5..63d566fa9f 100644 --- a/nsswitch/libwbclient/wbc_sid.c +++ b/nsswitch/libwbclient/wbc_sid.c @@ -714,8 +714,17 @@ wbcErr wbcListGroups(const char *domain_name, next = (const char *)response.extra_data.data; while (next) { - const char *current = next; - char *k = strchr(next, ','); + const char *current; + char *k; + + if (num_groups >= response.data.num_entries) { + wbc_status = WBC_ERR_INVALID_RESPONSE; + goto done; + } + + current = next; + k = strchr(next, ','); + if (k) { k[0] = '\0'; next = k+1; @@ -726,10 +735,6 @@ wbcErr wbcListGroups(const char *domain_name, groups[num_groups] = strdup(current); BAIL_ON_PTR_ERROR(groups[num_groups], wbc_status); num_groups += 1; - if (num_groups > response.data.num_entries) { - wbc_status = WBC_ERR_INVALID_RESPONSE; - goto done; - } } if (num_groups != response.data.num_entries) { wbc_status = WBC_ERR_INVALID_RESPONSE; -- cgit