isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Define _DARWIN_UNLIMITED_GETGROUPS on macOS to suport > 16 groups.

Browse Source 
On macOS 10.6 and above, getgroups(2) can return more than NGROUPS_MAX
if _DARWIN_UNLIMITED_GETGROUPS or _DARWIN_C_SOURCE is defined.
Bug #946
This commit is contained in:
Todd C. Miller
2020-12-07 13:15:25 -07:00
parent 1cdc4716c2
commit 0e3e13d872
4 changed files with 20 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/sudo.c
View File

@@ -431,9 +431,10 @@ get_user_groups(struct user_details *ud)
if (maxgroups < 0)
maxgroups = NGROUPS_MAX;
/* Note that macOS may return ngroups > NGROUPS_MAX. */
if ((ud->ngroups = getgroups(0, NULL)) > 0) {
/* Use groups from kernel if not too many or source is static. */
if (ud->ngroups < maxgroups || group_source == GROUP_SOURCE_STATIC) {
/* Use groups from kernel if not at limit or source is static. */
if (ud->ngroups != maxgroups || group_source == GROUP_SOURCE_STATIC) {
ud->groups = reallocarray(NULL, ud->ngroups, sizeof(GETGROUPS_T));
if (ud->groups == NULL)
goto done;