git: e991afea1e79 - stable/13 - kern: fail getgroup and setgroup with negative int
Warner Losh
imp at FreeBSD.org
Wed Jul 7 20:10:04 UTC 2021
The branch stable/13 has been updated by imp:
URL: https://cgit.FreeBSD.org/src/commit/?id=e991afea1e794885931d17310019e4c067501981
commit e991afea1e794885931d17310019e4c067501981
Author: Moritz Buhl <gh at moritzbuhl.de>
AuthorDate: 2019-07-09 15:03:37 +0000
Commit: Warner Losh <imp at FreeBSD.org>
CommitDate: 2021-07-07 20:09:44 +0000
kern: fail getgroup and setgroup with negative int
Found using
https://github.com/NetBSD/src/blob/trunk/tests/lib/libc/sys/t_getgroups.c
getgroups/setgroups want an int and therefore casting it to u_int
resulted in `getgroups(-1, ...)` not returning -1 / errno = EINVAL.
imp@ updated syscall.master and made changes markj@ suggested
PR: 189941
Tested by: imp@
Reviewed by: markj@
Pull Request: https://github.com/freebsd/freebsd-src/pull/407
Differential Revision: https://reviews.freebsd.org/D30617
(cherry picked from commit 4bc2174a1b489c36195ccc8cfc15e0775b817c69)
---
sys/kern/kern_prot.c | 12 +++++-------
sys/kern/syscalls.master | 4 ++--
2 files changed, 7 insertions(+), 9 deletions(-)
diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
index 170e9598835e..08fc3c8062db 100644
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@@ -288,7 +288,7 @@ sys_getegid(struct thread *td, struct getegid_args *uap)
#ifndef _SYS_SYSPROTO_H_
struct getgroups_args {
- u_int gidsetsize;
+ int gidsetsize;
gid_t *gidset;
};
#endif
@@ -296,8 +296,7 @@ int
sys_getgroups(struct thread *td, struct getgroups_args *uap)
{
struct ucred *cred;
- u_int ngrp;
- int error;
+ int ngrp, error;
cred = td->td_ucred;
ngrp = cred->cr_ngroups;
@@ -791,7 +790,7 @@ fail:
#ifndef _SYS_SYSPROTO_H_
struct setgroups_args {
- u_int gidsetsize;
+ int gidsetsize;
gid_t *gidset;
};
#endif
@@ -801,11 +800,10 @@ sys_setgroups(struct thread *td, struct setgroups_args *uap)
{
gid_t smallgroups[XU_NGROUPS];
gid_t *groups;
- u_int gidsetsize;
- int error;
+ int gidsetsize, error;
gidsetsize = uap->gidsetsize;
- if (gidsetsize > ngroups_max + 1)
+ if (gidsetsize > ngroups_max + 1 || gidsetsize < 0)
return (EINVAL);
if (gidsetsize > XU_NGROUPS)
diff --git a/sys/kern/syscalls.master b/sys/kern/syscalls.master
index 5c6ebeb9b52f..5b8e8049927c 100644
--- a/sys/kern/syscalls.master
+++ b/sys/kern/syscalls.master
@@ -526,13 +526,13 @@
}
79 AUE_GETGROUPS STD {
int getgroups(
- u_int gidsetsize,
+ int gidsetsize,
_Out_writes_opt_(gidsetsize) gid_t *gidset
);
}
80 AUE_SETGROUPS STD {
int setgroups(
- u_int gidsetsize,
+ int gidsetsize,
_In_reads_(gidsetsize) gid_t *gidset
);
}
More information about the dev-commits-src-branches
mailing list