git: bb339adfb2a2 - main - nfsuserd: Fix OOB access on membership of too many groups
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 09 Oct 2025 11:35:13 UTC
The branch main has been updated by olce:
URL: https://cgit.FreeBSD.org/src/commit/?id=bb339adfb2a26c5bb71cd4275dff80f615534ab6
commit bb339adfb2a26c5bb71cd4275dff80f615534ab6
Author: Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2025-10-09 09:19:37 +0000
Commit: Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-10-09 11:34:23 +0000
nfsuserd: Fix OOB access on membership of too many groups
getgrouplist() sets the variable containing the allocated length in
input to the full effective group list length, not the number of slots
that were actually filled in case the passed array is too small to
contain it.
While here, on this condition, improve the error message by outputting
the corresponding user name.
MFC after: 1 hour
Fixes: e6c623c86ab4 ("Add support for the "-manage-gids" option to the nfsuserd daemon.")
Sponsored by: The FreeBSD Foundation
---
usr.sbin/nfsuserd/nfsuserd.c | 15 +++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/usr.sbin/nfsuserd/nfsuserd.c b/usr.sbin/nfsuserd/nfsuserd.c
index 29d816934600..0e5c9c8f1e50 100644
--- a/usr.sbin/nfsuserd/nfsuserd.c
+++ b/usr.sbin/nfsuserd/nfsuserd.c
@@ -421,8 +421,12 @@ main(int argc, char *argv[])
/* Get the group list for this user. */
ngroup = NGROUPS;
if (getgrouplist(pwd->pw_name, pwd->pw_gid, grps,
- &ngroup) < 0)
- syslog(LOG_ERR, "Group list too small");
+ &ngroup) < 0) {
+ syslog(LOG_ERR,
+ "Group list of user '%s' too big",
+ pwd->pw_name);
+ ngroup = NGROUPS;
+ }
nid.nid_ngroup = ngroup;
nid.nid_grps = grps;
} else {
@@ -621,8 +625,11 @@ nfsuserdsrv(struct svc_req *rqstp, SVCXPRT *transp)
/* Get the group list for this user. */
ngroup = NGROUPS;
if (getgrouplist(pwd->pw_name, pwd->pw_gid,
- grps, &ngroup) < 0)
- syslog(LOG_ERR, "Group list too small");
+ grps, &ngroup) < 0) {
+ syslog(LOG_ERR,
+ "Group list of user '%s' too big",
+ pwd->pw_name);
+ }
nid.nid_ngroup = ngroup;
nid.nid_grps = grps;
} else {