This is the mail archive of the libc-alpha@sources.redhat.com mailing list for the glibc project.
[PATCH] getgrouplist memory corruption
- From: Thorsten Kukuk <kukuk at suse dot de>
- To: libc-alpha at sources dot redhat dot com
- Date: Tue, 29 Mar 2005 14:24:52 +0200
- Subject: [PATCH] getgrouplist memory corruption
- Organization: SuSE Linux Products GmbH, Nuernberg, Germany
Hi,
If you call getgrouplist with ngroups=0 as argument to find out how
big the buffer needs to be, it will corrupt the stack. The problem is
that internal_getgrouplist always adds the main group first,
without checking for enough space:
2005-03-29 Thorsten Kukuk <kukuk@suse.de>
[BZ 3661]
* grp/initgroups.c (internal_getgrouplist): check if we have
enough space before adding the primary group to the list.
--- grp/initgroups.c 5 Oct 2004 15:36:26 -0000 1.33
+++ grp/initgroups.c 14 Jan 2005 10:24:52 -0000
@@ -1,4 +1,4 @@
-/* Copyright (C) 1989,91,93,1996-2003, 2004 Free Software Foundation, Inc.
+/* Copyright (C) 1989,91,93,1996-2003, 2004, 2005 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
@@ -73,7 +73,10 @@
/* Start is one, because we have the first group as parameter. */
long int start = 1;
- (*groupsp)[0] = group;
+ /* it is possible to call getgrouplist with groups == NULL
+ and ngroups == 0. So check we have the space. */
+ if (*size > 0)
+ (*groupsp)[0] = group;
if (__nss_group_database != NULL)
{
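Review bot: the new comment refers to `groups` and `ngroups`, the public getgrouplist parameters, while this function works on `*groupsp` and `*size`, and it does not say what happens when the slot is absent: `start` stays 1, so the primary group is still counted in the size reported back, which is exactly what a probe call with ngroups == 0 relies on. Suggest saying so, e.g. `/* getgrouplist may be called with *groupsp == NULL and *size == 0 to query the required size. Only store the primary group if there is room; it is still counted via start. */`, and capitalising the first word as GNU style expects ("It is possible"). The loop that appends groups from NSS lies outside this hunk, so the reviewer should confirm it already checks or grows `*size` before writing, otherwise the same class of overflow remains there.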
--
Thorsten Kukuk http://www.suse.de/~kukuk/ kukuk@suse.de
SUSE LINUX Products GmbH Maxfeldstr. 5 D-90409 Nuernberg
--------------------------------------------------------------------
Key fingerprint = A368 676B 5E1B 3E46 CFCE 2D97 F8FD 4E23 56C6 FB4B
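The two-call sizing pattern the message describes, as an added example that is not part of the mail or of the glibc patch: a caller that never probes with a zero-length buffer. The patch shows that the unchecked write was the store to index 0, so a probe with a one-element buffer is safe on both fixed and unfixed glibc; `user_group_list` is an assumed helper name.

```c
/* Added example, not glibc code: size a getgrouplist(3) buffer safely.
 * The affected glibc wrote the primary group to (*groupsp)[0] without
 * checking the size, so the probe call below always passes at least one
 * slot instead of ngroups = 0.  Returns a malloc'd list (caller frees)
 * and stores its length in *count, or returns NULL on failure. */
#include <grp.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

gid_t *user_group_list(const char *user, gid_t primary, int *count)
{
    int n = 1;                          /* one slot: never 0 */
    gid_t *list = malloc(sizeof *list);
    if (list == NULL)
        return NULL;

    for (;;) {
        int have = n;
        /* On success n holds the number of groups written.  On -1 the
           library reports in n how many slots it needed, so grow to that
           and retry; the database can change between calls, which is why
           this is a loop rather than a fixed second call. */
        if (getgrouplist(user, primary, list, &n) != -1) {
            *count = n;
            return list;
        }
        if (n <= have) {                /* no progress: library misreported */
            free(list);
            return NULL;
        }
        gid_t *bigger = realloc(list, (size_t)n * sizeof *list);
        if (bigger == NULL) {
            free(list);
            return NULL;
        }
        list = bigger;
    }
}
```

For a user absent from the database the list still contains the primary gid that was passed in, since the library always counts it.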