From nobody Thu Oct 9 20:41:24 2025 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4cjMGr65hSz6C5hp; Thu, 09 Oct 2025 20:41:24 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4cjMGr4gkzz3ZfL; Thu, 09 Oct 2025 20:41:24 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1760042484; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=iztCs0MfPcVVDOQ/GIrpAKXHv/UguoBR+PeLaBqfZ7Q=; b=xfOzrabvAtsBZV22N2gFRfTfFDvyA8Cagk/vjagKnyCPZYvQ0ZaRn2ZvN0cJIljj99sc3Y KqszlChylpTpd4hg114wNPezrUCVK6d1jAFEQJPGxNaxhq1I+CmuS6hqsfIbShD+axulDu nWUMonY45gb+4I7Qs+/5orvN4EyUKQ+qAnR2eCdOTkkGWciDj5CpEYsP4VDsAVe1FGT2Mi CNUuxiY1qQVjnV0iAO9Uzt9Sx5pmvL4LZqbQiY4PKmWJK5s0Fwao7AUE2g7xA2KxYw9jc1 NwXGYEFAyP4Pv55DsuMzLNOFy1r5nCJHUtG2gT1siASwKYkIa08YABt7SI10zQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1760042484; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=iztCs0MfPcVVDOQ/GIrpAKXHv/UguoBR+PeLaBqfZ7Q=; b=sD306SBNzX1rqgA1ywMn3uat1ILKIxB3NBFStVcj+jCpXtilDQTAwxvPnKt8VUJ6/Qgrco 2HKnH9cXFIDLeLsix2Bo/vzSovZJ12Tc1RjrKrWHFaLh6F/FjrrMTHJbSG74dtLOmFNuTD grB/S8CTcMW/DLctv40YTCfUGjOjC8mYoPMIdYEF2af6AvJiiNBTMUlknrU9Kf8/BWU6qk rg6ic4hmIQT+nf8JcOskYs6e7jLHO1S5KyvNavg7h3S08bU+dKdptBKWjsH+MPhDPq00OU Yb9ThKTxZI01REP6mgjcSjPy041ryoBB0adpKj7zKabU3MeAq8cV0c88bXfdRg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1760042484; a=rsa-sha256; cv=none; b=fulBldTmOmf6XSpaUZGW196AWO7NLjPO7ijX+/rdjFMQfO5DbPYKzIhMwuFwn007rLhHr8 CHGcu/tzImsXI7hlkgtXp8iy/g9RzycFiiFw9IcAkoz6/ccC4WBsvcdirF1xRhlIaC1vhL FP4b9zMXvNTuJ5c2KjDtVucnZoDRYAXHTExW6LyiEKq0+36el1ZI00WUvz/mx166s5xbJ+ K+qDU0z6a7KP/1xm4pOlFwxzRW4gpchF9iayjAm+q7/mY0lh0xifo7TYEZHBDkXZrN+Dwy UoiU+Psn+BYcqfqcTCj6Out8JojghbP3W7xmpau/z58VI70uTTtC40yDiggYOg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4cjMGr49C0zYyt; Thu, 09 Oct 2025 20:41:24 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 599KfOar089889; Thu, 9 Oct 2025 20:41:24 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 599KfOs6089886; Thu, 9 Oct 2025 20:41:24 GMT (envelope-from git) Date: Thu, 9 Oct 2025 20:41:24 GMT Message-Id: <202510092041.599KfOs6089886@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Olivier Certner Subject: git: ef40e02a8d78 - stable/15 - nfsuserd: Fix OOB access on membership of too many groups List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: ef40e02a8d788f1e96f4f89c0b96fb50a4aad8e7 Auto-Submitted: auto-generated The branch stable/15 has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=ef40e02a8d788f1e96f4f89c0b96fb50a4aad8e7 commit ef40e02a8d788f1e96f4f89c0b96fb50a4aad8e7 Author: Olivier Certner AuthorDate: 2025-10-09 09:19:37 +0000 Commit: Olivier Certner CommitDate: 2025-10-09 20:40:43 +0000 nfsuserd: Fix OOB access on membership of too many groups getgrouplist() sets the variable containing the allocated length in input to the full effective group list length, not the number of slots that were actually filled in case the passed array is too small to contain it. While here, on this condition, improve the error message by outputting the corresponding user name. MFC after: 1 hour Fixes: e6c623c86ab4 ("Add support for the "-manage-gids" option to the nfsuserd daemon.") Sponsored by: The FreeBSD Foundation (cherry picked from commit bb339adfb2a26c5bb71cd4275dff80f615534ab6) --- usr.sbin/nfsuserd/nfsuserd.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/usr.sbin/nfsuserd/nfsuserd.c b/usr.sbin/nfsuserd/nfsuserd.c index 29d816934600..0e5c9c8f1e50 100644 --- a/usr.sbin/nfsuserd/nfsuserd.c +++ b/usr.sbin/nfsuserd/nfsuserd.c @@ -421,8 +421,12 @@ main(int argc, char *argv[]) /* Get the group list for this user. */ ngroup = NGROUPS; if (getgrouplist(pwd->pw_name, pwd->pw_gid, grps, - &ngroup) < 0) - syslog(LOG_ERR, "Group list too small"); + &ngroup) < 0) { + syslog(LOG_ERR, + "Group list of user '%s' too big", + pwd->pw_name); + ngroup = NGROUPS; + } nid.nid_ngroup = ngroup; nid.nid_grps = grps; } else { @@ -621,8 +625,11 @@ nfsuserdsrv(struct svc_req *rqstp, SVCXPRT *transp) /* Get the group list for this user. */ ngroup = NGROUPS; if (getgrouplist(pwd->pw_name, pwd->pw_gid, - grps, &ngroup) < 0) - syslog(LOG_ERR, "Group list too small"); + grps, &ngroup) < 0) { + syslog(LOG_ERR, + "Group list of user '%s' too big", + pwd->pw_name); + } nid.nid_ngroup = ngroup; nid.nid_grps = grps; } else {