isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

We still need to clamp ngids if getgrouplist2() returns -1.

Browse Source 
Otherwise, we end up with ngids set to the number of gids the user
belongs to which may be larger than what the front-end specified.
Fixes a regression introduced in the last commit here.
This commit is contained in:
Todd C. Miller
2023-08-15 08:52:02 -06:00
parent f17aebe6aa
commit cb01b90a5c
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
plugins/sudoers/pwutil_impl.c
View File

@@ -307,8 +307,9 @@ PREFIX(make_gidlist_item)(const struct passwd *pw, char * const *gidstrs,
"unable to allocate memory");
debug_return_ptr(NULL);
}
/* getgrouplist2() returns failure if it can't store all groups. */
(void)PREFIX(getgrouplist2)(pw->pw_name, pw->pw_gid, &gids, &ngids);
/* Clamp to max_groups if insufficient space for all groups. */
if (PREFIX(getgrouplist2)(pw->pw_name, pw->pw_gid, &gids, &ngids) == -1)
ngids = sudo_pwutil_get_max_groups();
} else {
gids = NULL;
if (PREFIX(getgrouplist2)(pw->pw_name, pw->pw_gid, &gids, &ngids) == -1) {