[Bug 787] Minor security problem due to use of deprecated NGROUPS_MAX in uidswap.c (sshd)

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue Feb 24 12:08:48 EST 2004


http://bugzilla.mindrot.org/show_bug.cgi?id=787





------- Additional Comments From dtucker at zip.com.au  2004-02-24 12:08 -------
(From update of attachment 550)
>Index: uidswap.c
[...]
>+	saved_egroupslen = getgroups(0, NULL);

Should use get_ngroups here too, no?

>Index: groupaccess.c
[...]
>+		struct group *gr = getgrent();

If you're using getgrent() shouldn't you setgrent() first?




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.




More information about the openssh-bugs mailing list