[Bug 787] Minor security problem due to use of deprecated NGROUPS_MAX in uidswap.c (sshd)

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Mon Feb 23 15:42:29 EST 2004


http://bugzilla.mindrot.org/show_bug.cgi?id=787





------- Additional Comments From djm at mindrot.org  2004-02-23 15:42 -------
(From update of attachment 548)
There are two changes in this patch. Making the groups_byname array dynamic is
OK, but I don't know about this:

>+		} else {
>+			char gidstr[32];
>+
>+			logit("getgrgid: unknown group id: %d",
>+			    (int)groups_bygid[i]);
>+			snprintf(gidstr, sizeof(gidstr), "%d",
>+			    (int)groups_bygid[i]);
>+			groups_byname[i] = xstrdup(gidstr);
>+		}

I not sure whether it makes sense, but is it a change in behaviour and should
be a separate patch.




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.




More information about the openssh-bugs mailing list