If sudo_getgrouplist2() returns -1, clamp ngroups based on max_groups.

The ngroups parameter is an out parameter that is filled in with
the actual number of groups, which may be less than the static
number allocated when max_groups is set in sudo.conf.
Fixes a potential out of bounds read found by LLVM libFuzzer.
Todd C. Miller
2021-02-13 11:54:21 -07:00
parent e89a8133ac
commit 41eae91206
2 changed files with 8 additions and 4 deletions

@@ -396,9 +396,11 @@ fill_group_list(const char *user, struct sudo_cred *cred)
if (cred->ngroups > 0) {
cred->groups = reallocarray(NULL, cred->ngroups, sizeof(GETGROUPS_T));
if (cred->groups != NULL) {
/* No error on insufficient space if user specified max_groups. */
(void)sudo_getgrouplist2(user, cred->gid,
&cred->groups, &cred->ngroups);
/* Clamp to max_groups if insufficient space for all groups. */
if (sudo_getgrouplist2(user, cred->gid, &cred->groups,
&cred->ngroups) == -1) {
cred->ngroups = sudo_conf_max_groups();
}
ret = 0;
}
} else {
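
Review bot: In the -1 branch, cred->ngroups is reset from sudo_conf_max_groups(), but the buffer was sized from the cred->ngroups value passed to reallocarray() a few lines above, and nothing in this hunk ties the two values together. If they ever differ, the count can again exceed the allocation, which is the out of bounds read this change is meant to close. Consider saving the allocated count in a local before calling sudo_getgrouplist2() and restoring that local on failure, so the clamp always matches the buffer size. Separately, ret = 0 is still set when the list was truncated; the removed comment said that insufficient space is not an error when max_groups is set, and the new comment no longer states that, so it would help to keep that explanation next to the clamp.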