[Bug 3735] New: The ngroups variable may be set to a negative value when calling sysconf(_SC_NGROUPS_MAX)
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Wed Sep 11 23:11:38 AEST 2024
https://bugzilla.mindrot.org/show_bug.cgi?id=3735
Bug ID: 3735
Summary: The ngroups variable may be set to a negative value
when calling sysconf(_SC_NGROUPS_MAX)
Product: Portable OpenSSH
Version: 9.8p1
Hardware: Other
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: Build system
Assignee: unassigned-bugs at mindrot.org
Reporter: suhov.ra at npc-ksb.ru
File:
https://github.com/openssh/openssh-portable/blob/master/groupaccess.c
Line: 64
The ngroups variable can be set to a negative value when calling
sysconf(_SC_NGROUPS_MAX), and this value is then used without checking
in the xcalloc function call, which can lead to unpredictable behavior
or even errors.
A check must be added to ensure that the value returned by sysconf is
not negative.
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list