Don't assume that the number of groups returned by getgroups() is static.

On systems where getgroups() returns results based on more than
just the per-process group vector in the kernel it is possible for
the number of groups to change in between invocations.
Based on GitHub PR #106 from Pierre-Olivier Martel.

src/sesh.c

@@ -408,8 +408,10 @@ sesh_sudoedit(int argc, char *argv[])
 		U_("unable to allocate memory"));
 	    debug_return_int(SESH_ERR_FAILURE);
 	}
-	if (getgroups(run_cred.ngroups, run_cred.groups) < 0) {
+	run_cred.ngroups = getgroups(run_cred.ngroups, run_cred.groups);
+	if (run_cred.ngroups < 0) {
 	    sudo_warn("%s", U_("unable to get group list"));
+	    free(run_cred.groups);
 	    debug_return_int(SESH_ERR_FAILURE);
 	}
     } else {

src/sudo.c

@@ -443,7 +443,8 @@ get_user_groups(const char *user, struct sudo_cred *cred)
 		cred->groups = reallocarray(NULL, cred->ngroups, sizeof(GETGROUPS_T));
 		if (cred->groups == NULL)
 		    goto done;
-		if (getgroups(cred->ngroups, cred->groups) < 0) {
+		cred->ngroups = getgroups(cred->ngroups, cred->groups);
+		if (cred->ngroups < 0) {
 		    sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
 			"%s: unable to get %d groups via getgroups()",
 			__func__, cred->ngroups);

src/sudo_edit.c

@@ -89,7 +89,8 @@ set_tmpdir(struct sudo_cred *user_cred)
 	    sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
 	    debug_return_bool(false);
 	}
-	if (getgroups(saved_cred.ngroups, saved_cred.groups) < 0) {
+	saved_cred.ngroups = getgroups(saved_cred.ngroups, saved_cred.groups);
+	if (saved_cred.ngroups < 0) {
 	    sudo_warn("%s", U_("unable to get group list"));
 	    free(saved_cred.groups);
 	    debug_return_bool(false);