git: 4b7c2a0193dd - stable/14 - nfsuserd: Fix OOB access on membership of too many groups, take 2
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 10 Oct 2025 17:16:41 UTC
The branch stable/14 has been updated by olce:
URL: https://cgit.FreeBSD.org/src/commit/?id=4b7c2a0193dd92b72628bc1c614d779cf77eef5d
commit 4b7c2a0193dd92b72628bc1c614d779cf77eef5d
Author: Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2025-10-09 17:03:11 +0000
Commit: Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-10-10 17:16:03 +0000
nfsuserd: Fix OOB access on membership of too many groups, take 2
Forgot to reset 'ngroup' after one of the calls to getgrouplist() in the
previous commit with same title (referenced also below).
MFC after: 1 hour
Fixes: e6c623c86ab4 ("Add support for the "-manage-gids" option to the nfsuserd daemon.")
Fixes: bb339adfb2a2 ("nfsuserd: Fix OOB access on membership of too many groups")
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 75eb6846269bb9bec1eaf4f0ad93d7525715b550)
---
usr.sbin/nfsuserd/nfsuserd.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/usr.sbin/nfsuserd/nfsuserd.c b/usr.sbin/nfsuserd/nfsuserd.c
index 9df50e27efd1..e5fd6fb18c81 100644
--- a/usr.sbin/nfsuserd/nfsuserd.c
+++ b/usr.sbin/nfsuserd/nfsuserd.c
@@ -630,6 +630,7 @@ nfsuserdsrv(struct svc_req *rqstp, SVCXPRT *transp)
syslog(LOG_ERR,
"Group list of user '%s' too big",
pwd->pw_name);
+ ngroup = NGROUPS;
}
nid.nid_ngroup = ngroup;
nid.nid_grps = grps;