misc/161509: usr.bin/newgrp has an off-by-1 error when checking ngrps
Jeremy Huddleston
jeremyhu at apple.com
Wed Oct 12 00:10:08 UTC 2011
>Number: 161509
>Category: misc
>Synopsis: usr.bin/newgrp has an off-by-1 error when checking ngrps
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Oct 12 00:10:07 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Jeremy Huddleston
>Release: HEAD
>Organization:
Apple Inc
>Environment:
N/A
>Description:
newgrp.c currently does:

    if (ngrps == ngrps_max)
        ... warn about too many groups
    else
        ngrps++
    setgroups(ngrps, ...)

Thus the check for ngrps_max needs to be against ngrps + 1, not ngrps.
>How-To-Repeat:
Call newgrp with your NGROUPS_MAXth group.
>Fix:
Line numbers will be offset due to local changes.
--- newgrp.c (revision 3269)
+++ newgrp.c (working copy)
@@ -143,7 +146,7 @@
if (initres < 0)
warn("initgroups");
if (setres < 0)
- warn("setgroups");
+ warn("setgid");
}
static void
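Review bot: the warn("setgroups") to warn("setgid") change under `if (setres < 0)` is not mentioned in the synopsis or the description, which only cover the ngrps check. The call that assigns setres is outside the visible context, so the new label cannot be confirmed from this hunk. Please name the call that sets setres in the description, or send this as a separate change so the off-by-one fix can be reviewed on its own.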
@@ -227,7 +250,7 @@
/* Add old effective gid to supp. list if it does not exist. */
if (egid != grp->gr_gid && !inarray(egid, grps, ngrps)) {
- if (ngrps == ngrps_max)
+ if (ngrps + 1 >= ngrps_max)
warnx("too many groups");
else {
grps[ngrps++] = egid;
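Review bot: the new guard `if (ngrps + 1 >= ngrps_max)` also refuses the append when ngrps == ngrps_max - 1, a case where `grps[ngrps++] = egid;` writes index ngrps_max - 1 and leaves ngrps equal to ngrps_max. Whether that count is one too many depends on whether ngrps_max is the largest count setgroups() accepts or the size of grps including a spare slot, and neither this hunk nor the description shows how ngrps_max is derived. Please state that, and add a comment beside the test saying which limit it enforces. If a final count equal to ngrps_max is legal, `>=` gives up the last usable slot.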
>Release-Note:
>Audit-Trail:
>Unformatted:
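The boundary discussed in the description, as an added example that is not part of the original report or of newgrp.c: it models the current and the patched guard and returns the group count that would reach setgroups(). The names add_egid and count_after, the gid values and the limit of 16 are constructed for illustration; how ngrps_max relates to the kernel's limit is not shown on the page.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>

enum guard { GUARD_CURRENT, GUARD_PATCHED };

/* Membership test standing in for the inarray() call seen in the diff. */
static bool
in_array(gid_t gid, const gid_t *grps, int ngrps)
{
	for (int i = 0; i < ngrps; i++)
		if (grps[i] == gid)
			return true;
	return false;
}

/* Append egid unless the chosen guard refuses; return the resulting count. */
static int
add_egid(gid_t *grps, int ngrps, int ngrps_max, gid_t egid, enum guard g)
{
	if (in_array(egid, grps, ngrps))
		return ngrps;
	bool full = (g == GUARD_CURRENT) ? (ngrps == ngrps_max)
	                                 : (ngrps + 1 >= ngrps_max);
	if (!full)
		grps[ngrps++] = egid;
	return ngrps;
}

/* Count that would reach setgroups() when starting with `start` groups. */
static int
count_after(int start, int ngrps_max, enum guard g)
{
	gid_t grps[64];			/* constructed gids 1000, 1001, ... */
	if (ngrps_max > 64 || start < 0 || start > ngrps_max)
		return -1;
	for (int i = 0; i < start; i++)
		grps[i] = (gid_t)(1000 + i);
	return add_egid(grps, start, ngrps_max, (gid_t)42, g);
}

int main(void)
{
	for (int start = 14; start <= 16; start++)	/* assumed ngrps_max = 16 */
		printf("start=%d current=%d patched=%d\n", start,
		    count_after(start, 16, GUARD_CURRENT),
		    count_after(start, 16, GUARD_PATCHED));
	return 0;
}
```

With the assumed limit of 16, the two guards differ only at start=15: the current guard hands 16 groups to setgroups() and the patched one hands 15.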