[openssh-commits] [openssh] branch master updated: let ga_init() fail gracefully if getgrouplist does
git+noreply at mindrot.org
git+noreply at mindrot.org
Sat Jul 12 10:22:53 AEST 2025
This is an automated email from the git hooks/post-receive script.
djm pushed a commit to branch master
in repository openssh.
The following commit(s) were added to refs/heads/master by this push:
new f9dc51925 let ga_init() fail gracefully if getgrouplist does
f9dc51925 is described below
commit f9dc519259804702cab0fa0ca8b193a360e3ec38
Author: Damien Miller <djm at mindrot.org>
AuthorDate: Fri Jul 11 17:20:27 2025 -0700
let ga_init() fail gracefully if getgrouplist does
Apparently getgrouplist() can fail on OSX for when passed a non-existent
group name. Other platforms seem to return a group list consisting of
the numeric gid passed to the function.
This makes ga_init() handle this failure case gracefully, where it will
return success but with an empty group list array.
bz3848; ok dtucker@
---
groupaccess.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/groupaccess.c b/groupaccess.c
index b85782472..046d0e6bc 100644
--- a/groupaccess.c
+++ b/groupaccess.c
@@ -63,6 +63,14 @@ ga_init(const char *user, gid_t base)
groups_bygid = xcalloc(ngroups, sizeof(*groups_bygid));
while (getgrouplist(user, base, groups_bygid, &ngroups) == -1) {
+ if (ngroups <= ongroups) {
+ error("getgrouplist(\"%s\", %ld): failed",
+ user, (long)base);
+ free(groups_bygid);
+ groups_bygid = NULL;
+ ngroups = 0;
+ return 0;
+ }
if (retry++ > 0) {
fatal("getgrouplist(\"%s\", %ld): groups list too big "
"(have %ld, need %ld)", user, (long)base,
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list