[PATCH] Re: getgroups() gives wrong result with nss_winbind

Wed Sep 22 23:11:42 GMT 2004

On Wed, 22 Sep 2004, Andreas wrote:

> On Sun, Sep 19, 2004 at 11:47:15AM -0700, Jeremy Allison wrote:
>> On Sat, Sep 18, 2004 at 06:38:36PM +0200, Henrik Nordstrom wrote:
>>>
>>> Samba-3.0.7 even has code for this, but a few minor mistakes relating to
>>> the limit parameter makes it never trigger.. Attached is a (untested)
>>> patch which should address this and a few other bugs in the same code is
>>> attached.
>>
>> This looks really good. I'll test it out and hopefully apply
>> it on Monday morning (California time). Thanks a *lot* for that
>> fix !
>
> Just a quick reminder: it builds, but doesn't work at runtime because MIN is undefined:
>
> [root at pandora ~]# su - DOMAIN\\marcia
> su: error while loading shared libraries: /lib/libnss_winbind.so.2: undefined symbol: MIN
>
> Either include some .h or just use the ? test inline.

Attached is an updated patch not relying on MIN().

Just changed

    newsize = MIN(newsize, limit);

to
    if (newsize > limit)
 	newsize = limit;

which is easy to understand both for compilers and humans.

Regards
Henrik
-------------- next part --------------

--- samba-3.0.7/source/nsswitch/winbind_nss_linux.c.orig	2004-09-18 18:19:48.000000000 +0200
+++ samba-3.0.7/source/nsswitch/winbind_nss_linux.c	2004-09-23 01:07:49.610469705 +0200
@@ -835,23 +835,36 @@
 
 			if (gid_list[i] == group) continue;
 
-			/* Add to buffer */
+			/* Filled buffer? */
 
-			if (*start == *size && limit <= 0) {
-				(*groups) = realloc(
-					(*groups), (2 * (*size) + 1) * sizeof(**groups));
-				if (! *groups) goto done;
-				*size = 2 * (*size) + 1;
+			if (*start == *size) {
+				long int newsize;
+				gid_t *newgroups;
+
+				newsize = 2 * *size;
+				if (limit > 0) {
+				    if (*size == limit)
+					goto done;
+				    if (newsize > limit)
+					newsize = limit;
+				}
+
+				newgroups = realloc(
+					(*groups), newsize * sizeof(**groups));
+				if (!newgroups) {
+				    *errnop = ENOMEM;
+				    ret = NSS_STATUS_NOTFOUND;
+				    goto done;
+				}
+				*groups = newgroups;
+				*size = newsize;
 			}
 
-			if (*start == *size) goto done;
+			/* Add to buffer */
 
 			(*groups)[*start] = gid_list[i];
 			*start += 1;
 
-			/* Filled buffer? */
-
-			if (*start == limit) goto done;
 		}
 	}
 	
