From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Mon, 4 Sep 2023 22:32:26 +0000 (+1200)
Subject: s4:kdc: Check for overflow when adding a domain group SID
X-Git-Tag: tevent-0.16.0~598
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d045809c0c22b2c41731415146a8cfc932e8c0d2;p=thirdparty%2Fsamba.git

s4:kdc: Check for overflow when adding a domain group SID

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c
index dcef5da2f9a..8b6d4639cf6 100644
--- a/source4/kdc/pac-glue.c
+++ b/source4/kdc/pac-glue.c
@@ -1727,6 +1727,10 @@ static krb5_error_code samba_kdc_add_domain_group_sid(struct PAC_DEVICE_INFO *in
 	}
 
 	if (domain_group == NULL) {
+		if (info->domain_group_count == UINT32_MAX) {
+			return EINVAL;
+		}
+
 		info->domain_groups = talloc_realloc(
 			info,
 			info->domain_groups,
@@ -1761,6 +1765,10 @@ static krb5_error_code samba_kdc_add_domain_group_sid(struct PAC_DEVICE_INFO *in
 		}
 	}
 
+	if (domain_group->groups.count == UINT32_MAX) {
+		return EINVAL;
+	}
+
 	domain_group->groups.rids = talloc_realloc(info->domain_groups,
 						   domain_group->groups.rids,
 						   struct samr_RidWithAttribute,