[Bug 787] Minor security problem due to use of deprecated NGROUPS_MAX in uidswap.c (sshd)

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue Feb 24 11:26:25 EST 2004


------- Additional Comments From openssh_bugzilla at hockin.org  2004-02-24 11:26 -------
Created an attachment (id=550)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=550&action=view)
NGROUPS patch with our own get_ngroups()

Since getgrouplist() is stupid when we just want it to count the groups, we can
roll our own.

This might not be needed.  The prior (-4) version of this patch SHOULD work on
anything that supports getgrouplist() (modulo buffer overflow bugs in
getgrouplist() which this is happy to trigger), which must be everything that
openssh supports, since we use it.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the openssh-bugs mailing list