Date: Wed, 7 Jul 2021 20:10:04 GMT From: Warner Losh <imp@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: e991afea1e79 - stable/13 - kern: fail getgroup and setgroup with negative int Message-ID: <202107072010.167KA4QU056363@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch stable/13 has been updated by imp: URL: https://cgit.FreeBSD.org/src/commit/?id=e991afea1e794885931d17310019e4c067501981 commit e991afea1e794885931d17310019e4c067501981 Author: Moritz Buhl <gh@moritzbuhl.de> AuthorDate: 2019-07-09 15:03:37 +0000 Commit: Warner Losh <imp@FreeBSD.org> CommitDate: 2021-07-07 20:09:44 +0000 kern: fail getgroup and setgroup with negative int Found using https://github.com/NetBSD/src/blob/trunk/tests/lib/libc/sys/t_getgroups.c getgroups/setgroups want an int and therefore casting it to u_int resulted in `getgroups(-1, ...)` not returning -1 / errno = EINVAL. imp@ updated syscall.master and made changes markj@ suggested PR: 189941 Tested by: imp@ Reviewed by: markj@ Pull Request: https://github.com/freebsd/freebsd-src/pull/407 Differential Revision: https://reviews.freebsd.org/D30617 (cherry picked from commit 4bc2174a1b489c36195ccc8cfc15e0775b817c69) --- sys/kern/kern_prot.c | 12 +++++------- sys/kern/syscalls.master | 4 ++-- 2 files changed, 7 insertions(+), 9 deletions(-) diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c index 170e9598835e..08fc3c8062db 100644 --- a/sys/kern/kern_prot.c +++ b/sys/kern/kern_prot.c @@ -288,7 +288,7 @@ sys_getegid(struct thread *td, struct getegid_args *uap) #ifndef _SYS_SYSPROTO_H_ struct getgroups_args { - u_int gidsetsize; + int gidsetsize; gid_t *gidset; }; #endif @@ -296,8 +296,7 @@ int sys_getgroups(struct thread *td, struct getgroups_args *uap) { struct ucred *cred; - u_int ngrp; - int error; + int ngrp, error; cred = td->td_ucred; ngrp = cred->cr_ngroups; @@ -791,7 +790,7 @@ fail: #ifndef _SYS_SYSPROTO_H_ struct setgroups_args { - u_int gidsetsize; + int gidsetsize; gid_t *gidset; }; #endif @@ -801,11 +800,10 @@ sys_setgroups(struct thread *td, struct setgroups_args *uap) { gid_t smallgroups[XU_NGROUPS]; gid_t *groups; - u_int gidsetsize; - int error; + int gidsetsize, error; gidsetsize = uap->gidsetsize; - if (gidsetsize > ngroups_max + 1) + if (gidsetsize > ngroups_max + 1 || gidsetsize < 0) return (EINVAL); if (gidsetsize > XU_NGROUPS) diff --git a/sys/kern/syscalls.master b/sys/kern/syscalls.master index 5c6ebeb9b52f..5b8e8049927c 100644 --- a/sys/kern/syscalls.master +++ b/sys/kern/syscalls.master @@ -526,13 +526,13 @@ } 79 AUE_GETGROUPS STD { int getgroups( - u_int gidsetsize, + int gidsetsize, _Out_writes_opt_(gidsetsize) gid_t *gidset ); } 80 AUE_SETGROUPS STD { int setgroups( - u_int gidsetsize, + int gidsetsize, _In_reads_(gidsetsize) gid_t *gidset ); }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202107072010.167KA4QU056363>