From nobody Fri Oct 10 17:16:40 2025
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4cjth95dDvz6Bcy6;
	Fri, 10 Oct 2025 17:16:41 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4cjth86316z3gYX;
	Fri, 10 Oct 2025 17:16:40 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1760116600;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=N4wrQAKxpxToPKzZSiyqq5KJTRnvDAAtlozmYOtdULE=;
	b=CQvtOTzJWeBJlMn/WLpIakmYYWHracxH/+wVetwQsIid6xEc1KhildHJApHnaVXIqTCuyD
	SHpu3ipXxFP1u7v9sDLVPhRk/Smwi15YAAM3h1fsV/XLoCwGGCD6v3JGcl8RWxkWEAD0Fl
	jZOkxSHq1kd0KJXq0R5lvfpJpERWRK6OJyZIFmY5eYJUVEo164cUtf7/vBdTnorhVMoV5u
	X4NW05zZyVzvPj57pSjvTvLgSqqNuwt3lDy12JAGZLlgI2EulMlzS4rKzxIbDb9ewp5Zau
	1z/uyGCNUctcG7jj94Tk7zHNebwMOEO5skIyLqNjxjbu88CtChtJcZd6jzWPoQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1760116600;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=N4wrQAKxpxToPKzZSiyqq5KJTRnvDAAtlozmYOtdULE=;
	b=LkdgH+eY3LsI2EDaoUAoe9zUUo9HMQtTf/cktNQASJb0Yc3zi3VQVQmGPNn69nMGoVM7eG
	1PLRZEqxiWK52vbKlDi3fQfer1qAIIsh1BULHQM72rKojOfJfCn9nNp6N98zwbNh7QT66u
	1IMkNQTJ2ZCSNmsV9bsSX23ZuL4/uU+HrAmDUtZAwkE4iirJxivjGA1+SYklTAv0acuj7a
	IMIgRrQLmecIXsLyRV3tGq115gFAeLbCS69s9OmLl7YRVK6jv7STEYzDJ9qZk6KoSOdQNT
	UOW6jm5YsESOLaLLtAk3Ih5N6Y8iSa8TY8jCsuq+iLZsYlEKr40bZ1nOJb00Zw==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1760116600; a=rsa-sha256; cv=none;
	b=JxDcRVDi9xSuC5Ry6glRvddUcQPMXHMWSc1JOCCmhhKYnQHpKVnmeaJLj3MLTAyPDhSyYM
	czOn4jdMMyed40e82DIZUC+Ftu7VjVYfIyO+t9m862BV2nNMgUrqtXlx3nkFhwO+TKtL22
	bJLCbfFduG+xBkodQrJcMSmL6NKsMCjCuypyT81qNeUlKVoRc2TeDhYCnd/0OMv6GdHpbA
	w5kByKJvkSULKiwVa42qp0teNgP6N59GrLTo/3a5bHvcblP1Dax15hxqu3fVNjIMc/I61/
	1TSGP2/wPf8msf4LnlVUSQSWQH2zVa+SrwEJYqwIob61qDHKppHViirQV/PaEA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4cjth85Vqdz1Bnh;
	Fri, 10 Oct 2025 17:16:40 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 59AHGe74009849;
	Fri, 10 Oct 2025 17:16:40 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 59AHGeeN009846;
	Fri, 10 Oct 2025 17:16:40 GMT
	(envelope-from git)
Date: Fri, 10 Oct 2025 17:16:40 GMT
Message-Id: <202510101716.59AHGeeN009846@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Olivier Certner <olce@FreeBSD.org>
Subject: git: 5fe22e3d09bd - stable/14 - nfsuserd: Fix OOB access
  on membership of too many groups
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-all@freebsd.org
Sender: owner-dev-commits-src-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 5fe22e3d09bd9e1f00913445bcf48a49ae0a1c6b
Auto-Submitted: auto-generated

The branch stable/14 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=5fe22e3d09bd9e1f00913445bcf48a49ae0a1c6b

commit 5fe22e3d09bd9e1f00913445bcf48a49ae0a1c6b
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2025-10-09 09:19:37 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-10-10 17:16:02 +0000

    nfsuserd: Fix OOB access on membership of too many groups
    
    getgrouplist() sets the variable containing the allocated length in
    input to the full effective group list length, not the number of slots
    that were actually filled in case the passed array is too small to
    contain it.
    
    While here, on this condition, improve the error message by outputting
    the corresponding user name.
    
    MFC after:      1 hour
    Fixes:          e6c623c86ab4 ("Add support for the "-manage-gids" option to the nfsuserd daemon.")
    Sponsored by:   The FreeBSD Foundation
    
    (cherry picked from commit bb339adfb2a26c5bb71cd4275dff80f615534ab6)
---
 usr.sbin/nfsuserd/nfsuserd.c | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/usr.sbin/nfsuserd/nfsuserd.c b/usr.sbin/nfsuserd/nfsuserd.c
index 08e8c3c5e6a2..9df50e27efd1 100644
--- a/usr.sbin/nfsuserd/nfsuserd.c
+++ b/usr.sbin/nfsuserd/nfsuserd.c
@@ -422,8 +422,12 @@ main(int argc, char *argv[])
 			/* Get the group list for this user. */
 			ngroup = NGROUPS;
 			if (getgrouplist(pwd->pw_name, pwd->pw_gid, grps,
-			    &ngroup) < 0)
-				syslog(LOG_ERR, "Group list too small");
+			    &ngroup) < 0) {
+				syslog(LOG_ERR,
+				    "Group list of user '%s' too big",
+				    pwd->pw_name);
+				ngroup = NGROUPS;
+			}
 			nid.nid_ngroup = ngroup;
 			nid.nid_grps = grps;
 		} else {
@@ -622,8 +626,11 @@ nfsuserdsrv(struct svc_req *rqstp, SVCXPRT *transp)
 				/* Get the group list for this user. */
 				ngroup = NGROUPS;
 				if (getgrouplist(pwd->pw_name, pwd->pw_gid,
-				    grps, &ngroup) < 0)
-					syslog(LOG_ERR, "Group list too small");
+				    grps, &ngroup) < 0) {
+					syslog(LOG_ERR,
+					    "Group list of user '%s' too big",
+					    pwd->pw_name);
+				}
 				nid.nid_ngroup = ngroup;
 				nid.nid_grps = grps;
 			} else {