svn commit: r332559 - head/usr.sbin/mountd
Julian Elischer
julian at freebsd.org
Mon Apr 16 11:22:11 UTC 2018
On 16/4/18 6:56 pm, Konstantin Belousov wrote:
> On Mon, Apr 16, 2018 at 09:17:36AM +0000, Andriy Gapon wrote:
>> Author: avg
>> Date: Mon Apr 16 09:17:36 2018
>> New Revision: 332559
>> URL: https://svnweb.freebsd.org/changeset/base/332559
>>
>> Log:
>> mountd: fix a crash when getgrouplist reports too many groups
>>
>> Previously the code only warned about the condition and then happily
>> proceeded to use the too large value resulting in the array
>> out-of-bounds access.
>>
>> Obtained from: Panzura (Chuanbo Zheng)
>> MFC after: 10 days
>> Sponsored by: Panzura
>>
>> Modified:
>> head/usr.sbin/mountd/mountd.c
>>
>> Modified: head/usr.sbin/mountd/mountd.c
>> ==============================================================================
>> --- head/usr.sbin/mountd/mountd.c Mon Apr 16 08:41:44 2018 (r332558)
>> +++ head/usr.sbin/mountd/mountd.c Mon Apr 16 09:17:36 2018 (r332559)
>> @@ -2915,8 +2915,11 @@ parsecred(char *namelist, struct xucred *cr)
>> }
>> cr->cr_uid = pw->pw_uid;
>> ngroups = XU_NGROUPS + 1;
>> - if (getgrouplist(pw->pw_name, pw->pw_gid, groups, &ngroups))
>> + if (getgrouplist(pw->pw_name, pw->pw_gid, groups, &ngroups)) {
>> syslog(LOG_ERR, "too many groups");
>> + ngroups = XU_NGROUPS + 1;
> Why XU_NGROUPS and not the value of sysctl("kern.ngroups") ?
valid question.. because that is how many are allocated?
it was a "minimally invasive patch".. whoever used XU_NGROUPS before
should have fixed it.
Having said that, thanks for drawing out attention to it.. will
probably fix.
>
>> + }
>> +
>> /*
>> * Compress out duplicate.
>> */
>
More information about the svn-src-all
mailing list