svn commit: r277669 - head/lib/libutil

Mark Johnston markj at FreeBSD.org
Sun Jan 25 00:47:07 UTC 2015 

Author: markj
Date: Sun Jan 25 00:47:06 2015
New Revision: 277669
URL: https://svnweb.freebsd.org/changeset/base/277669

Log:
  gr_equal(): Fix a crash that could occur if the first group's member list
  was longer than the second's. There is no need to compute and compare the
  member list lengths in a separate pass, since we now just return false when
  comparing member names if the list lengths are not equal.
  
  MFC after:	2 weeks

Modified:
  head/lib/libutil/gr_util.c

Modified: head/lib/libutil/gr_util.c
==============================================================================
--- head/lib/libutil/gr_util.c	Sun Jan 25 00:36:42 2015	(r277668)
+++ head/lib/libutil/gr_util.c	Sun Jan 25 00:47:06 2015	(r277669)
@@ -351,8 +351,6 @@ gr_fini(void)
 int
 gr_equal(const struct group *gr1, const struct group *gr2)
 {
-	int gr1_ndx;
-	int gr2_ndx;
 
 	/* Check that the non-member information is the same. */
 	if (gr1->gr_name == NULL || gr2->gr_name == NULL) {
@@ -368,7 +366,8 @@ gr_equal(const struct group *gr1, const 
 	if (gr1->gr_gid != gr2->gr_gid)
 		return (false);
 
-	/* Check all members in both groups.
+	/*
+	 * Check all members in both groups.
 	 * getgrnam can return gr_mem with a pointer to NULL.
 	 * gr_dup and gr_add strip out this superfluous NULL, setting
 	 * gr_mem to NULL for no members.
@@ -376,22 +375,18 @@ gr_equal(const struct group *gr1, const 
 	if (gr1->gr_mem != NULL && gr2->gr_mem != NULL) {
 		int i;
 
-		for (i = 0; gr1->gr_mem[i] != NULL; i++) {
+		for (i = 0;
+		    gr1->gr_mem[i] != NULL && gr2->gr_mem[i] != NULL; i++) {
 			if (strcmp(gr1->gr_mem[i], gr2->gr_mem[i]) != 0)
 				return (false);
 		}
-	}
-	/* Count number of members in both structs */
-	gr2_ndx = 0;
-	if (gr2->gr_mem != NULL)
-		for(; gr2->gr_mem[gr2_ndx] != NULL; gr2_ndx++)
-			/* empty */;
-	gr1_ndx = 0;
-	if (gr1->gr_mem != NULL)
-		for(; gr1->gr_mem[gr1_ndx] != NULL; gr1_ndx++)
-			/* empty */;
-	if (gr1_ndx != gr2_ndx)
+		if (gr1->gr_mem[i] != NULL || gr2->gr_mem[i] != NULL)
+			return (false);
+	} else if (gr1->gr_mem != NULL && gr1->gr_mem[0] != NULL) {
 		return (false);
+	} else if (gr2->gr_mem != NULL && gr2->gr_mem[0] != NULL) {
+		return (false);
+	}
 
 	return (true);
 }

More information about the svn-src-head mailing list