svn commit: r193525 - projects/ngroups/sys/netinet
Brooks Davis
brooks at FreeBSD.org
Fri Jun 5 17:20:19 UTC 2009
Author: brooks
Date: Fri Jun 5 17:20:19 2009
New Revision: 193525
URL: http://svn.freebsd.org/changeset/base/193525
Log:
Clamp the number of groups ipfw can track to 16 for now.
Modified:
projects/ngroups/sys/netinet/ip_fw2.c
Modified: projects/ngroups/sys/netinet/ip_fw2.c
==============================================================================
--- projects/ngroups/sys/netinet/ip_fw2.c Fri Jun 5 17:19:55 2009 (r193524)
+++ projects/ngroups/sys/netinet/ip_fw2.c Fri Jun 5 17:20:19 2009 (r193525)
@@ -140,8 +140,9 @@ static uma_zone_t ipfw_dyn_rule_zone;
* the user specified UID/GID based constraints in
* a firewall rule.
*/
+#define FW_NGROUPS 16
struct ip_fw_ugid {
- gid_t fw_groups[NGROUPS];
+ gid_t fw_groups[FW_NGROUPS]; /* XXX: should be dynamic */
int fw_ngroups;
uid_t fw_uid;
int fw_prid;
@@ -2017,8 +2018,8 @@ fill_ugid_cache(struct inpcb *inp, struc
cr = inp->inp_cred;
ugp->fw_prid = jailed(cr) ? cr->cr_prison->pr_id : -1;
ugp->fw_uid = cr->cr_uid;
- ugp->fw_ngroups = cr->cr_ngroups;
- bcopy(cr->cr_groups, ugp->fw_groups, sizeof(ugp->fw_groups));
+ ugp->fw_ngroups = MIN(cr->cr_ngroups, FW_NGROUPS);
+ bcopy(cr->cr_groups, ugp->fw_groups, sizeof(gid_t) * ugp->fw_ngroups);
}
static int
More information about the svn-src-projects
mailing list