authorOlivier Certner <olce@FreeBSD.org>2025-10-09 09:19:37 +0000
committerOlivier Certner <olce@FreeBSD.org>2025-10-09 11:34:23 +0000
commitbb339adfb2a26c5bb71cd4275dff80f615534ab6 (patch)
tree58e05b6cfe016ae9f8001bb98b13fb16948d55f3
parentf5544556754ec6b33c1d13c7648a354fef645b2f (diff)
nfsuserd: Fix OOB access on membership of too many groups
getgrouplist() sets the variable containing the allocated length in input to the full effective group list length, not the number of slots that were actually filled in case the passed array is too small to contain it. While here, on this condition, improve the error message by outputting the corresponding user name. MFC after: 1 hour Fixes: e6c623c86ab4 ("Add support for the "-manage-gids" option to the nfsuserd daemon.") Sponsored by: The FreeBSD Foundation
-rw-r--r--usr.sbin/nfsuserd/nfsuserd.c15
1 files changed, 11 insertions, 4 deletions
diff --git a/usr.sbin/nfsuserd/nfsuserd.c b/usr.sbin/nfsuserd/nfsuserd.c
index 29d816934600..0e5c9c8f1e50 100644
--- a/usr.sbin/nfsuserd/nfsuserd.c
+++ b/usr.sbin/nfsuserd/nfsuserd.c
@@ -421,8 +421,12 @@ main(int argc, char *argv[])
/* Get the group list for this user. */
ngroup = NGROUPS;
if (getgrouplist(pwd->pw_name, pwd->pw_gid, grps,
- &ngroup) < 0)
- syslog(LOG_ERR, "Group list too small");
+ &ngroup) < 0) {
+ syslog(LOG_ERR,
+ "Group list of user '%s' too big",
+ pwd->pw_name);
+ ngroup = NGROUPS;
+ }
nid.nid_ngroup = ngroup;
nid.nid_grps = grps;
} else {
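Review bot: The reason for `ngroup = NGROUPS;` in the error branch is not stated in the code, and it rests on a non-obvious part of the getgrouplist() contract: on failure the call overwrites `ngroup` with the total number of groups, not the number actually stored. A comment above that line would keep the clamp from being dropped in a later cleanup, for example `/* On failure ngroup holds the full count, not what fits in grps; clamp it. */`. It would also be worth noting in a comment that the daemon continues with a truncated list, since that changes which memberships are reported for the user; the consumer of `nid` is outside the hunk.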
@@ -621,8 +625,11 @@ nfsuserdsrv(struct svc_req *rqstp, SVCXPRT *transp)
/* Get the group list for this user. */
ngroup = NGROUPS;
if (getgrouplist(pwd->pw_name, pwd->pw_gid,
- grps, &ngroup) < 0)
- syslog(LOG_ERR, "Group list too small");
+ grps, &ngroup) < 0) {
+ syslog(LOG_ERR,
+ "Group list of user '%s' too big",
+ pwd->pw_name);
+ }
nid.nid_ngroup = ngroup;
nid.nid_grps = grps;
} else {
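Review bot: The failure branch in this hunk only logs; unlike the matching branch in main() in the first hunk, it never resets `ngroup`. So `nid.nid_ngroup = ngroup;` still receives the full group count that getgrouplist() wrote back, which per the commit message can exceed the number of slots filled in `grps`. Add `ngroup = NGROUPS;` after the syslog() call inside the new braces, so the count handed over with `nid.nid_grps` cannot exceed the array. The declaration of `grps` and the code that consumes `nid` are outside the hunk, so the array size is inferred from the `ngroup = NGROUPS;` assignment just above the call.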