From 89bbc41d029e2327a9b9a3408c7552ce3e75e855 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl@samba.org>
Date: Mon, 19 Apr 2010 15:50:11 +0200
Subject: libwbclient: Fix wbcListGroups against too small num_entries

Thanks for the s4 winbind sending 0 here and Tridge to point it out to me :-)
---
 nsswitch/libwbclient/wbc_sid.c | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/nsswitch/libwbclient/wbc_sid.c b/nsswitch/libwbclient/wbc_sid.c
index b3a683ddb5..63d566fa9f 100644
--- a/nsswitch/libwbclient/wbc_sid.c
+++ b/nsswitch/libwbclient/wbc_sid.c
@@ -714,8 +714,17 @@ wbcErr wbcListGroups(const char *domain_name,
 
 	next = (const char *)response.extra_data.data;
 	while (next) {
-		const char *current = next;
-		char *k = strchr(next, ',');
+		const char *current;
+		char *k;
+
+		if (num_groups >= response.data.num_entries) {
+			wbc_status = WBC_ERR_INVALID_RESPONSE;
+			goto done;
+		}
+
+		current = next;
+		k = strchr(next, ',');
+
 		if (k) {
 			k[0] = '\0';
 			next = k+1;
@@ -726,10 +735,6 @@ wbcErr wbcListGroups(const char *domain_name,
 		groups[num_groups] = strdup(current);
 		BAIL_ON_PTR_ERROR(groups[num_groups], wbc_status);
 		num_groups += 1;
-		if (num_groups > response.data.num_entries) {
-			wbc_status = WBC_ERR_INVALID_RESPONSE;
-			goto done;
-		}
 	}
 	if (num_groups != response.data.num_entries) {
 		wbc_status = WBC_ERR_INVALID_RESPONSE;
-- 
cgit