[PATCH] Fix potential use after free in uidswap.c (portable)
Albert S.
mail at quitesimple.org
Sun Jun 21 00:31:11 AEST 2015
Fixes a potential (but probably rather unlikely) use after free bug in
function temporarily_use_uid(), file uidswap.c.
--- a/uidswap.c
+++ b/uidswap.c
@@ -113,8 +113,9 @@ temporarily_use_uid(struct passwd *pw)
}
}
/* Set the effective uid to the given (unprivileged) uid. */
- if (setgroups(user_groupslen, user_groups) < 0)
- fatal("setgroups: %.100s", strerror(errno));
+ if (user_groupslen > 0 &&
+ (setgroups(user_groupslen, user_groups)) < 0)
+ fatal("setgroups: %.100s", strerror(errno));
Best regards,
Albert
More information about the openssh-unix-dev
mailing list