From nobody Fri Oct 10 17:16:40 2025 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4cjth95dDvz6Bcy6; Fri, 10 Oct 2025 17:16:41 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4cjth86316z3gYX; Fri, 10 Oct 2025 17:16:40 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1760116600; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=N4wrQAKxpxToPKzZSiyqq5KJTRnvDAAtlozmYOtdULE=; b=CQvtOTzJWeBJlMn/WLpIakmYYWHracxH/+wVetwQsIid6xEc1KhildHJApHnaVXIqTCuyD SHpu3ipXxFP1u7v9sDLVPhRk/Smwi15YAAM3h1fsV/XLoCwGGCD6v3JGcl8RWxkWEAD0Fl jZOkxSHq1kd0KJXq0R5lvfpJpERWRK6OJyZIFmY5eYJUVEo164cUtf7/vBdTnorhVMoV5u X4NW05zZyVzvPj57pSjvTvLgSqqNuwt3lDy12JAGZLlgI2EulMlzS4rKzxIbDb9ewp5Zau 1z/uyGCNUctcG7jj94Tk7zHNebwMOEO5skIyLqNjxjbu88CtChtJcZd6jzWPoQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1760116600; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=N4wrQAKxpxToPKzZSiyqq5KJTRnvDAAtlozmYOtdULE=; b=LkdgH+eY3LsI2EDaoUAoe9zUUo9HMQtTf/cktNQASJb0Yc3zi3VQVQmGPNn69nMGoVM7eG 1PLRZEqxiWK52vbKlDi3fQfer1qAIIsh1BULHQM72rKojOfJfCn9nNp6N98zwbNh7QT66u 1IMkNQTJ2ZCSNmsV9bsSX23ZuL4/uU+HrAmDUtZAwkE4iirJxivjGA1+SYklTAv0acuj7a IMIgRrQLmecIXsLyRV3tGq115gFAeLbCS69s9OmLl7YRVK6jv7STEYzDJ9qZk6KoSOdQNT UOW6jm5YsESOLaLLtAk3Ih5N6Y8iSa8TY8jCsuq+iLZsYlEKr40bZ1nOJb00Zw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1760116600; a=rsa-sha256; cv=none; b=JxDcRVDi9xSuC5Ry6glRvddUcQPMXHMWSc1JOCCmhhKYnQHpKVnmeaJLj3MLTAyPDhSyYM czOn4jdMMyed40e82DIZUC+Ftu7VjVYfIyO+t9m862BV2nNMgUrqtXlx3nkFhwO+TKtL22 bJLCbfFduG+xBkodQrJcMSmL6NKsMCjCuypyT81qNeUlKVoRc2TeDhYCnd/0OMv6GdHpbA w5kByKJvkSULKiwVa42qp0teNgP6N59GrLTo/3a5bHvcblP1Dax15hxqu3fVNjIMc/I61/ 1TSGP2/wPf8msf4LnlVUSQSWQH2zVa+SrwEJYqwIob61qDHKppHViirQV/PaEA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4cjth85Vqdz1Bnh; Fri, 10 Oct 2025 17:16:40 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 59AHGe74009849; Fri, 10 Oct 2025 17:16:40 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 59AHGeeN009846; Fri, 10 Oct 2025 17:16:40 GMT (envelope-from git) Date: Fri, 10 Oct 2025 17:16:40 GMT Message-Id: <202510101716.59AHGeeN009846@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Olivier Certner Subject: git: 5fe22e3d09bd - stable/14 - nfsuserd: Fix OOB access on membership of too many groups List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: 5fe22e3d09bd9e1f00913445bcf48a49ae0a1c6b Auto-Submitted: auto-generated The branch stable/14 has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=5fe22e3d09bd9e1f00913445bcf48a49ae0a1c6b commit 5fe22e3d09bd9e1f00913445bcf48a49ae0a1c6b Author: Olivier Certner AuthorDate: 2025-10-09 09:19:37 +0000 Commit: Olivier Certner CommitDate: 2025-10-10 17:16:02 +0000 nfsuserd: Fix OOB access on membership of too many groups getgrouplist() sets the variable containing the allocated length in input to the full effective group list length, not the number of slots that were actually filled in case the passed array is too small to contain it. While here, on this condition, improve the error message by outputting the corresponding user name. MFC after: 1 hour Fixes: e6c623c86ab4 ("Add support for the "-manage-gids" option to the nfsuserd daemon.") Sponsored by: The FreeBSD Foundation (cherry picked from commit bb339adfb2a26c5bb71cd4275dff80f615534ab6) --- usr.sbin/nfsuserd/nfsuserd.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/usr.sbin/nfsuserd/nfsuserd.c b/usr.sbin/nfsuserd/nfsuserd.c index 08e8c3c5e6a2..9df50e27efd1 100644 --- a/usr.sbin/nfsuserd/nfsuserd.c +++ b/usr.sbin/nfsuserd/nfsuserd.c @@ -422,8 +422,12 @@ main(int argc, char *argv[]) /* Get the group list for this user. */ ngroup = NGROUPS; if (getgrouplist(pwd->pw_name, pwd->pw_gid, grps, - &ngroup) < 0) - syslog(LOG_ERR, "Group list too small"); + &ngroup) < 0) { + syslog(LOG_ERR, + "Group list of user '%s' too big", + pwd->pw_name); + ngroup = NGROUPS; + } nid.nid_ngroup = ngroup; nid.nid_grps = grps; } else { @@ -622,8 +626,11 @@ nfsuserdsrv(struct svc_req *rqstp, SVCXPRT *transp) /* Get the group list for this user. */ ngroup = NGROUPS; if (getgrouplist(pwd->pw_name, pwd->pw_gid, - grps, &ngroup) < 0) - syslog(LOG_ERR, "Group list too small"); + grps, &ngroup) < 0) { + syslog(LOG_ERR, + "Group list of user '%s' too big", + pwd->pw_name); + } nid.nid_ngroup = ngroup; nid.nid_grps = grps; } else {