system/freebsd-src
system/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src synced 2024-10-15 04:43:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

mountd: fix a crash when getgrouplist reports too many groups

Browse source 
Previously the code only warned about the condition and then happily
proceeded to use the too large value resulting in the array
out-of-bounds access.

Obtained from:	Panzura (Chuanbo Zheng)
MFC after:	10 days
Sponsored by:	Panzura
This commit is contained in:
Andriy Gapon 2018-04-16 09:17:36 +00:00
parent 746dddb134
commit 020d6f96e3
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=332559
1 changed files with 4 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
usr.sbin/mountd/mountd.c
View file

@ -2915,8 +2915,11 @@ parsecred(char *namelist, struct xucred *cr)
}
cr->cr_uid = pw->pw_uid;
ngroups = XU_NGROUPS + 1;
if (getgrouplist(pw->pw_name, pw->pw_gid, groups, &ngroups))
if (getgrouplist(pw->pw_name, pw->pw_gid, groups, &ngroups)) {
syslog(LOG_ERR, "too many groups");
ngroups = XU_NGROUPS + 1;
}
/*
* Compress out duplicate.
*/