[Bug 787] Minor security problem due to use of deprecated NGROUPS_MAX in uidswap.c (sshd)
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Tue Feb 24 09:55:56 EST 2004
http://bugzilla.mindrot.org/show_bug.cgi?id=787
------- Additional Comments From djm at mindrot.org 2004-02-24 09:55 -------
We could use OpenBSD's:
$ wc -l /usr/src/lib/libc/gen/getgrouplist.c
94 /usr/src/lib/libc/gen/getgrouplist.c
but from reading the manpage, it looks like the behaviour of returning the
number of groups is not guaranteed - OpenBSD's implementation will return up to
will return up to *ngroups, but not more.
We may need OpenBSD's implementation anyway - getgrouplist isn't POSIX, it comes
from 4.4BSD.
I think we will need to feed getgrouplist with the maximum available, i.e:
int ngroups;
gid_t *gidlist
ngroups = NGROUPS_MAX;
#if defined(HAVE_SYSCONF) && defined(_SC_NGROUPS_MAX)
ngroups = MAX(ngroups, sysconf(_SC_NGROUPS_MAX));
#endif
gidlist = xmalloc(sizeof(*gidlist) * ngroups));
if (getgrouplist(user, group, gidlist, &ngroups) == -1)
fatal
xfree(gidlist);
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-bugs
mailing list