[Bug 787] Minor security problem due to use of deprecated NGROUPS_MAX in uidswap.c (sshd)

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue Feb 24 09:55:56 EST 2004


http://bugzilla.mindrot.org/show_bug.cgi?id=787





------- Additional Comments From djm at mindrot.org  2004-02-24 09:55 -------
We could use OpenBSD's:

$ wc -l /usr/src/lib/libc/gen/getgrouplist.c
      94 /usr/src/lib/libc/gen/getgrouplist.c

but from reading the manpage, it looks like the behaviour of returning the
number of groups is not guaranteed - OpenBSD's implementation will return up to
*ngroups, but not more.

We may need OpenBSD's implementation anyway - getgrouplist isn't POSIX, it comes
from 4.4BSD.

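I think we will need to feed getgrouplist with the maximum available, i.e.:

int ngroups;
gid_t *gidlist;

/* Start from the compile-time limit; raise it to the runtime limit if larger */
ngroups = NGROUPS_MAX;
#if defined(HAVE_SYSCONF) && defined(_SC_NGROUPS_MAX)
ngroups = MAX(ngroups, sysconf(_SC_NGROUPS_MAX));
#endif

gidlist = xmalloc(sizeof(*gidlist) * ngroups);

/* -1 means the group list did not fit in ngroups entries */
if (getgrouplist(user, group, gidlist, &ngroups) == -1)
    fatal("getgrouplist: groups list too small");

xfree(gidlist);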




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
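
A stand-alone variant of the call sketched in the comment above, as an added example that is not code from the bug report or from OpenSSH: it sizes the buffer from the larger of the compile-time and runtime limits and, because the count reported on failure is not guaranteed, grows the buffer rather than accepting a truncated list. The names fetch_groups, max_groups and has_gid are hypothetical, the 1 << 20 ceiling is an assumed sanity limit, and the glibc/BSD prototype of getgrouplist (taking gid_t) is assumed.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE   /* getgrouplist() is a 4.4BSD extension, not POSIX */
#endif
#include <grp.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Larger of the compile-time limit and the limit of the running system. */
static int max_groups(void)
{
    long rt = sysconf(_SC_NGROUPS_MAX);   /* -1 if indeterminate */
    return (int)(rt > NGROUPS_MAX ? rt : NGROUPS_MAX);
}

/* Hypothetical helper: returns the group count and stores a malloc'd list
 * in *out, or returns -1. Never relies on *ngroups after a failed call. */
static int fetch_groups(const char *user, gid_t base, gid_t **out)
{
    /* 1 << 20 is an assumed sanity ceiling, not a system constant */
    for (int cap = max_groups(); cap > 0 && cap <= (1 << 20); cap *= 2) {
        gid_t *list = calloc((size_t)cap, sizeof(*list));
        int n = cap;
        if (list == NULL)
            return -1;
        if (getgrouplist(user, base, list, &n) != -1 && n <= cap) {
            *out = list;
            return n;
        }
        free(list);   /* too small: grow instead of using a truncated list */
    }
    return -1;
}

/* Linear membership test over a list returned by fetch_groups(). */
static int has_gid(const gid_t *list, int n, gid_t gid)
{
    for (int i = 0; i < n; i++)
        if (list[i] == gid) return 1;
    return 0;
}

int main(void)
{
    gid_t *list = NULL;
    int n = fetch_groups("root", 0, &list);   /* constructed sample input */
    printf("groups=%d base_present=%d\n", n, n > 0 && has_gid(list, n, 0));
    free(list);
    return n > 0 ? 0 : 1;
}
```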



