diff options
| author | Moritz Buhl <gh@moritzbuhl.de> | 2019-07-09 15:03:37 +0000 |
|---|---|---|
| committer | Warner Losh <imp@FreeBSD.org> | 2021-06-02 19:22:57 +0000 |
| commit | 4bc2174a1b489c36195ccc8cfc15e0775b817c69 (patch) | |
| tree | 9ef326f5b92586d72d1da04fdc27c3d252e70e8b | |
| parent | 1976e079544c8ff691f2eec497d68611d8215af5 (diff) | |
| download | src-4bc2174a1b489c36195ccc8cfc15e0775b817c69.tar.gz src-4bc2174a1b489c36195ccc8cfc15e0775b817c69.zip | |
kern: fail getgroup and setgroup with negative int
Found using
https://github.com/NetBSD/src/blob/trunk/tests/lib/libc/sys/t_getgroups.c
getgroups/setgroups want an int and therefore casting it to u_int
resulted in `getgroups(-1, ...)` not returning -1 / errno = EINVAL.
imp@ updated syscall.master and made changes markj@ suggested
PR: 189941
Tested by: imp@
Reviewed by: markj@
Pull Request: https://github.com/freebsd/freebsd-src/pull/407
Differential Revision: https://reviews.freebsd.org/D30617
| -rw-r--r-- | sys/kern/kern_prot.c | 12 | ||||
| -rw-r--r-- | sys/kern/syscalls.master | 4 |
2 files changed, 7 insertions, 9 deletions
diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c index a107c7cced95..647acfa60681 100644 --- a/sys/kern/kern_prot.c +++ b/sys/kern/kern_prot.c @@ -288,7 +288,7 @@ sys_getegid(struct thread *td, struct getegid_args *uap) #ifndef _SYS_SYSPROTO_H_ struct getgroups_args { - u_int gidsetsize; + int gidsetsize; gid_t *gidset; }; #endif @@ -296,8 +296,7 @@ int sys_getgroups(struct thread *td, struct getgroups_args *uap) { struct ucred *cred; - u_int ngrp; - int error; + int ngrp, error; cred = td->td_ucred; ngrp = cred->cr_ngroups; @@ -791,7 +790,7 @@ fail: #ifndef _SYS_SYSPROTO_H_ struct setgroups_args { - u_int gidsetsize; + int gidsetsize; gid_t *gidset; }; #endif @@ -801,11 +800,10 @@ sys_setgroups(struct thread *td, struct setgroups_args *uap) { gid_t smallgroups[XU_NGROUPS]; gid_t *groups; - u_int gidsetsize; - int error; + int gidsetsize, error; gidsetsize = uap->gidsetsize; - if (gidsetsize > ngroups_max + 1) + if (gidsetsize > ngroups_max + 1 || gidsetsize < 0) return (EINVAL); if (gidsetsize > XU_NGROUPS) diff --git a/sys/kern/syscalls.master b/sys/kern/syscalls.master index 95317d413209..69a82d642d79 100644 --- a/sys/kern/syscalls.master +++ b/sys/kern/syscalls.master @@ -523,13 +523,13 @@ } 79 AUE_GETGROUPS STD { int getgroups( - u_int gidsetsize, + int gidsetsize, _Out_writes_opt_(gidsetsize) gid_t *gidset ); } 80 AUE_SETGROUPS STD { int setgroups( - u_int gidsetsize, + int gidsetsize, _In_reads_(gidsetsize) gid_t *gidset ); } |