From owner-svn-src-head@freebsd.org Mon Apr 16 11:12:42 2018 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7A88CFA0739; Mon, 16 Apr 2018 11:12:42 +0000 (UTC) (envelope-from agapon@gmail.com) Received: from mail-lf0-f52.google.com (mail-lf0-f52.google.com [209.85.215.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id E8DC887062; Mon, 16 Apr 2018 11:12:41 +0000 (UTC) (envelope-from agapon@gmail.com) Received: by mail-lf0-f52.google.com with SMTP id r7-v6so14343219lfr.1; Mon, 16 Apr 2018 04:12:41 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:openpgp:autocrypt :message-id:date:user-agent:mime-version:in-reply-to :content-language:content-transfer-encoding; bh=yfXg6zTFh46QzkgC1anpw+gZ7evT62z2+8FHbE9UDQw=; b=WcbyDQpdd9jOjJIX26ooegsAFkSo1skLOou6MiPXAbHhUjBq5WusofVvMJhGtByFjm hnUY34tcNlHgSlwfpoJwYqHQlmGIF6VL3CZtkoGuhq3PILspWWNHihvNvcd1AywQSGaw PnIupPVNonrYJNvAuhI3txC6YipjlgW1JWDh/cTtuZrSSa28LFjr57GYZWefDZ9QfvUB 8CcBO3X1Gpg7uGoCDqdKXsvbufOsyXmUmqplEl+aUrct9J6XQZr5Plg8gj/Q3CcEynpM 6qCZem08ujMDGCUy/yURlyPzByYAk3PLVoq8hO/g4njmYT+oVjTSVZfWCF++qDD1NUFM cIww== X-Gm-Message-State: ALQs6tCul/lz2779FMQFiXWSyobg4iFFz9EacbEFeWcSqFwUfDCXXfUL tuWGokvEnQOmU8PjEwtbbq+Xv4uD X-Google-Smtp-Source: AIpwx4+c2rMLXYM7nbJxygQZq1+ln7SiBa8DN+9+DTd6sRgDjlbjo2ZEvM2DZ8xvst89cB2J8eLuLg== X-Received: by 2002:a19:4f5e:: with SMTP id a30-v6mr3790504lfk.97.1523876751808; Mon, 16 Apr 2018 04:05:51 -0700 (PDT) Received: from [192.168.0.88] (east.meadow.volia.net. [93.72.151.96]) by smtp.googlemail.com with ESMTPSA id o203-v6sm2790025lff.25.2018.04.16.04.05.50 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 16 Apr 2018 04:05:50 -0700 (PDT) Subject: Re: svn commit: r332559 - head/usr.sbin/mountd To: Konstantin Belousov Cc: src-committers@FreeBSD.org, svn-src-all@FreeBSD.org, svn-src-head@FreeBSD.org References: <201804160917.w3G9HaCN081290@repo.freebsd.org> <20180416105611.GG1774@kib.kiev.ua> From: Andriy Gapon Openpgp: preference=signencrypt Autocrypt: addr=avg@FreeBSD.org; prefer-encrypt=mutual; keydata= xsFNBFm4LIgBEADNB/3lT7f15UKeQ52xCFQx/GqHkSxEdVyLFZTmY3KyNPQGBtyvVyBfprJ7 mAeXZWfhat6cKNRAGZcL5EmewdQuUfQfBdYmKjbw3a9GFDsDNuhDA2QwFt8BmkiVMRYyvI7l N0eVzszWCUgdc3qqM6qqcgBaqsVmJluwpvwp4ZBXmch5BgDDDb1MPO8AZ2QZfIQmplkj8Y6Z AiNMknkmgaekIINSJX8IzRzKD5WwMsin70psE8dpL/iBsA2cpJGzWMObVTtCxeDKlBCNqM1i gTXta1ukdUT7JgLEFZk9ceYQQMJJtUwzWu1UHfZn0Fs29HTqawfWPSZVbulbrnu5q55R4PlQ /xURkWQUTyDpqUvb4JK371zhepXiXDwrrpnyyZABm3SFLkk2bHlheeKU6Yql4pcmSVym1AS4 dV8y0oHAfdlSCF6tpOPf2+K9nW1CFA8b/tw4oJBTtfZ1kxXOMdyZU5fiG7xb1qDgpQKgHUX8 7Rd2T1UVLVeuhYlXNw2F+a2ucY+cMoqz3LtpksUiBppJhw099gEXehcN2JbUZ2TueJdt1FdS ztnZmsHUXLxrRBtGwqnFL7GSd6snpGIKuuL305iaOGODbb9c7ne1JqBbkw1wh8ci6vvwGlzx rexzimRaBzJxlkjNfMx8WpCvYebGMydNoeEtkWldtjTNVsUAtQARAQABzR5BbmRyaXkgR2Fw b24gPGF2Z0BGcmVlQlNELm9yZz7CwZQEEwEIAD4WIQS+LEO7ngQnXA4Bjr538m7TUc1yjwUC WbgsiAIbIwUJBaOagAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRB38m7TUc1yj+JAEACV l9AK/nOWAt/9cufV2fRj0hdOqB1aCshtSrwHk/exXsDa4/FkmegxXQGY+3GWX3deIyesbVRL rYdtdK0dqJyT1SBqXK1h3/at9rxr9GQA6KWOxTjUFURsU7ok/6SIlm8uLRPNKO+yq0GDjgaO LzN+xykuBA0FlhQAXJnpZLcVfPJdWv7sSHGedL5ln8P8rxR+XnmsA5TUaaPcbhTB+mG+iKFj GghASDSfGqLWFPBlX/fpXikBDZ1gvOr8nyMY9nXhgfXpq3B6QCRYKPy58ChrZ5weeJZ29b7/ QdEO8NFNWHjSD9meiLdWQaqo9Y7uUxN3wySc/YUZxtS0bhAd8zJdNPsJYG8sXgKjeBQMVGuT eCAJFEYJqbwWvIXMfVWop4+O4xB+z2YE3jAbG/9tB/GSnQdVSj3G8MS80iLS58frnt+RSEw/ psahrfh0dh6SFHttE049xYiC+cM8J27Aaf0i9RflyITq57NuJm+AHJoU9SQUkIF0nc6lfA+o JRiyRlHZHKoRQkIg4aiKaZSWjQYRl5Txl0IZUP1dSWMX4s3XTMurC/pnja45dge/4ESOtJ9R 8XuIWg45Oq6MeIWdjKddGhRj3OohsltKgkEU3eLKYtB6qRTQypHHUawCXz88uYt5e3w4V16H lCpSTZV/EVHnNe45FVBlvK7k7HFfDDkryM7BTQRZuCyIARAAlq0slcsVboY/+IUJdcbEiJRW be9HKVz4SUchq0z9MZPX/0dcnvz/gkyYA+OuM78dNS7Mbby5dTvOqfpLJfCuhaNYOhlE0wY+ 1T6Tf1f4c/uA3U/YiadukQ3+6TJuYGAdRZD5EqYFIkreARTVWg87N9g0fT9BEqLw9lJtEGDY EWUE7L++B8o4uu3LQFEYxcrb4K/WKmgtmFcm77s0IKDrfcX4doV92QTIpLiRxcOmCC/OCYuO jB1oaaqXQzZrCutXRK0L5XN1Y1PYjIrEzHMIXmCDlLYnpFkK+itlXwlE2ZQxkfMruCWdQXye syl2fynAe8hvp7Mms9qU2r2K9EcJiR5N1t1C2/kTKNUhcRv7Yd/vwusK7BqJbhlng5ZgRx0m WxdntU/JLEntz3QBsBsWM9Y9wf2V4tLv6/DuDBta781RsCB/UrU2zNuOEkSixlUiHxw1dccI 6CVlaWkkJBxmHX22GdDFrcjvwMNIbbyfQLuBq6IOh8nvu9vuItup7qemDG3Ms6TVwA7BD3j+ 3fGprtyW8Fd/RR2bW2+LWkMrqHffAr6Y6V3h5kd2G9Q8ZWpEJk+LG6Mk3fhZhmCnHhDu6CwN MeUvxXDVO+fqc3JjFm5OxhmfVeJKrbCEUJyM8ESWLoNHLqjywdZga4Q7P12g8DUQ1mRxYg/L HgZY3zfKOqcAEQEAAcLBfAQYAQgAJhYhBL4sQ7ueBCdcDgGOvnfybtNRzXKPBQJZuCyIAhsM BQkFo5qAAAoJEHfybtNRzXKPBVwQAKfFy9P7N3OsLDMB56A4Kf+ZT+d5cIx0Yiaf4n6w7m3i ImHHHk9FIetI4Xe54a2IXh4Bq5UkAGY0667eIs+Z1Ea6I2i27Sdo7DxGwq09Qnm/Y65ADvXs 3aBvokCcm7FsM1wky395m8xUos1681oV5oxgqeRI8/76qy0hD9WR65UW+HQgZRIcIjSel9vR XDaD2HLGPTTGr7u4v00UeTMs6qvPsa2PJagogrKY8RXdFtXvweQFz78NbXhluwix2Tb9ETPk LIpDrtzV73CaE2aqBG/KrboXT2C67BgFtnk7T7Y7iKq4/XvEdDWscz2wws91BOXuMMd4c/c4 OmGW9m3RBLufFrOag1q5yUS9QbFfyqL6dftJP3Zq/xe+mr7sbWbhPVCQFrH3r26mpmy841ym dwQnNcsbIGiBASBSKksOvIDYKa2Wy8htPmWFTEOPRpFXdGQ27awcjjnB42nngyCK5ukZDHi6 w0qK5DNQQCkiweevCIC6wc3p67jl1EMFY5+z+zdTPb3h7LeVnGqW0qBQl99vVFgzLxchKcl0 R/paSFgwqXCZhAKMuUHncJuynDOP7z5LirUeFI8qsBAJi1rXpQoLJTVcW72swZ42IdPiboqx NbTMiNOiE36GqMcTPfKylCbF45JNX4nF9ElM0E+Y8gi4cizJYBRr2FBJgay0b9Cp Message-ID: <84a443f7-ce41-0de4-cd6e-d7c450eb1460@FreeBSD.org> Date: Mon, 16 Apr 2018 14:05:49 +0300 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0 MIME-Version: 1.0 In-Reply-To: <20180416105611.GG1774@kib.kiev.ua> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Apr 2018 11:12:42 -0000 On 16/04/2018 13:56, Konstantin Belousov wrote: > On Mon, Apr 16, 2018 at 09:17:36AM +0000, Andriy Gapon wrote: >> Author: avg >> Date: Mon Apr 16 09:17:36 2018 >> New Revision: 332559 >> URL: https://svnweb.freebsd.org/changeset/base/332559 >> >> Log: >> mountd: fix a crash when getgrouplist reports too many groups >> >> Previously the code only warned about the condition and then happily >> proceeded to use the too large value resulting in the array >> out-of-bounds access. >> >> Obtained from: Panzura (Chuanbo Zheng) >> MFC after: 10 days >> Sponsored by: Panzura >> >> Modified: >> head/usr.sbin/mountd/mountd.c >> >> Modified: head/usr.sbin/mountd/mountd.c >> ============================================================================== >> --- head/usr.sbin/mountd/mountd.c Mon Apr 16 08:41:44 2018 (r332558) >> +++ head/usr.sbin/mountd/mountd.c Mon Apr 16 09:17:36 2018 (r332559) >> @@ -2915,8 +2915,11 @@ parsecred(char *namelist, struct xucred *cr) >> } >> cr->cr_uid = pw->pw_uid; >> ngroups = XU_NGROUPS + 1; >> - if (getgrouplist(pw->pw_name, pw->pw_gid, groups, &ngroups)) >> + if (getgrouplist(pw->pw_name, pw->pw_gid, groups, &ngroups)) { >> syslog(LOG_ERR, "too many groups"); >> + ngroups = XU_NGROUPS + 1; > Why XU_NGROUPS and not the value of sysctl("kern.ngroups") ? Two reasons: 1. it's what the code already used 2. the groups are placed into struct xucred and later that struct is passed to kernel, so in my opinion it's xucred that defines the limit in this case -- Andriy Gapon