This is the mail archive of the libc-hacker@sources.redhat.com mailing list for the glibc project.

Note that libc-hacker is a closed list. You may look at the archives of this list, but subscription and posting are not open.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

more NGROUPS hacking


I've changed some of the RPC code which made use of NGROUPS.  Boy, that
code is screwed.  Of more correctly, the users of that code are screwed.

The array passed to authdes_getucred() must be large enough for the
values read from NIS or wherever.  But no size argument is available.
So netname2user() will scribble happily over the array boundaries should
the size of the array be too small.  Also, the output parameter for the
number of groups is an short.  I.e., this is too small even for the
default maximum number the Linux kernel now handles.

Anyway, the libc side should be fine now.  If something crashes it's
because the array passed in is too small.  Some platforms apparently
document that the netname2user() function never writes more than NGROUPS
values.  This might be one way out, but a limiting one.

The best advise is as before: avoid RPC like the plague.


(I wonder if the criminally reckless people who "designed" these
interfaces still work for Sun and can be held responsible...)

-- 
â Ulrich Drepper â Red Hat, Inc. â 444 Castro St â Mountain View, CA â


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]