If sudo_getgrouplist2() returns -1, clamp ngroups based on max_groups.

The ngroups parameter is an out parameter that is filled in with
the actual number of groups, which may be less than the static
number allocated when max_groups is set in sudo.conf.
Fixes a potential out of bounds read found by LLVM libFuzzer.
Todd C. Miller
2021-02-13 11:54:21 -07:00
parent e89a8133ac
commit 41eae91206
2 changed files with 8 additions and 4 deletions


@@ -263,7 +263,9 @@ sudo_make_gidlist_item(const struct passwd *pw, char * const *unused1,
"unable to allocate memory");
debug_return_ptr(NULL);
}
(void)sudo_getgrouplist2(pw->pw_name, pw->pw_gid, &gids, &ngids);
/* Clamp to max_groups if insufficient space for all groups. */
if (sudo_getgrouplist2(pw->pw_name, pw->pw_gid, &gids, &ngids) == -1)
ngids = sudo_user.max_groups;
} else {
gids = NULL;
if (sudo_getgrouplist2(pw->pw_name, pw->pw_gid, &gids, &ngids) == -1) {
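Review bot: The new clamp, `if (sudo_getgrouplist2(...) == -1) ngids = sudo_user.max_groups;`, treats every -1 as "buffer too small", but the hunk does not show whether the helper can also return -1 before it has filled the array; `gids` is allocated above the hunk, and if it is not zeroed there, such a failure would leave `ngids` covering entries that were never written. If truncation is the only -1 case for a caller-supplied buffer, the comment should say so, e.g. `/* -1 with a preallocated buffer only means truncation; the first max_groups entries are valid. */`. A silently shortened group list can also change which group-based sudoers rules match, so a debug line such as `sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO, "group list for %s truncated to %d entries", pw->pw_name, sudo_user.max_groups);` inside the new `if` would make the truncation visible when troubleshooting. sudo_make_gidlist_item() starts and ends outside the hunk.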