[PATCH] Fix incorrect usages of getgroups()

Jeremy Allison jra at samba.org
Mon Apr 17 22:46:26 UTC 2017


In two places. Fix for bug: https://bugzilla.samba.org/show_bug.cgi?id=12747

Please review and push if happy !

Jeremy.
-------------- next part --------------
From f0365ad3e37a5d27fa7d86e86458f3a79bede377 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra at samba.org>
Date: Mon, 17 Apr 2017 14:30:04 -0700
Subject: [PATCH 1/2] s3: lib: Fix incorrect logic in sys_broken_getgroups().

If setlen == 0 then the second argument must be ignored.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12747

Signed-off-by: Jeremy Allison <jra at samba.org>
---
 source3/lib/system.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/source3/lib/system.c b/source3/lib/system.c
index 3d3eeeda7c4..99462b631c7 100644
--- a/source3/lib/system.c
+++ b/source3/lib/system.c
@@ -790,12 +790,11 @@ int groups_max(void)
 
 static int sys_broken_getgroups(int setlen, gid_t *gidset)
 {
-	GID_T gid;
 	GID_T *group_list;
 	int i, ngroups;
 
 	if(setlen == 0) {
-		return getgroups(setlen, &gid);
+		return getgroups(0, NULL);
 	}
 
 	/*
@@ -808,9 +807,6 @@ static int sys_broken_getgroups(int setlen, gid_t *gidset)
 		return -1;
 	} 
 
-	if (setlen == 0)
-		setlen = groups_max();
-
 	if((group_list = SMB_MALLOC_ARRAY(GID_T, setlen)) == NULL) {
 		DEBUG(0,("sys_getgroups: Malloc fail.\n"));
 		return -1;
@@ -823,6 +819,12 @@ static int sys_broken_getgroups(int setlen, gid_t *gidset)
 		return -1;
 	}
 
+	/*
+	 * We're safe here as if ngroups > setlen then
+	 * getgroups *must* return EINVAL.
+	 * pubs.opengroup.org/onlinepubs/009695399/functions/getgroups.html
+	 */
+
 	for(i = 0; i < ngroups; i++)
 		gidset[i] = (gid_t)group_list[i];
 
-- 
2.12.2.762.g0e3151a226-goog


From 9c13408aba1553d438e0c26616dd2d38857cade4 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra at samba.org>
Date: Mon, 17 Apr 2017 14:30:54 -0700
Subject: [PATCH 2/2] s3: smbd: Fix incorrect use of sys_getgroups().
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Second arg must be NULL when first arg is 0 (it
is in all other places).

Bug report and patch from Hanno Böck <hanno at hboeck.de>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12747

Signed-off-by: Jeremy Allison <jra at samba.org>
---
 source3/smbd/sec_ctx.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/source3/smbd/sec_ctx.c b/source3/smbd/sec_ctx.c
index 33d987fbe70..5e0710e0ecb 100644
--- a/source3/smbd/sec_ctx.c
+++ b/source3/smbd/sec_ctx.c
@@ -139,7 +139,6 @@ static void gain_root(void)
 static int get_current_groups(gid_t gid, uint32_t *p_ngroups, gid_t **p_groups)
 {
 	int i;
-	gid_t grp;
 	int ngroups;
 	gid_t *groups = NULL;
 
@@ -153,7 +152,7 @@ static int get_current_groups(gid_t gid, uint32_t *p_ngroups, gid_t **p_groups)
 	set_effective_gid(gid);
 	samba_setgid(gid);
 
-	ngroups = sys_getgroups(0,&grp);
+	ngroups = sys_getgroups(0, NULL);
 	if (ngroups <= 0) {
 		goto fail;
 	}
-- 
2.12.2.762.g0e3151a226-goog



More information about the samba-technical mailing list