|
|
086f82 |
From c3e0098383fb199d678df54bfd129123a8184e70 Mon Sep 17 00:00:00 2001
|
|
|
086f82 |
From: Sumit Bose <sbose@redhat.com>
|
|
|
086f82 |
Date: Wed, 18 Apr 2018 10:23:22 +0200
|
|
|
086f82 |
Subject: [PATCH] nss-idmap: use right group list pointer after sss_get_ex()
|
|
|
086f82 |
|
|
|
086f82 |
If the initial array is too small it will be reallocated during
|
|
|
086f82 |
sss_get_ex() and the pointer might change and the initial memory area
|
|
|
086f82 |
should not be used anymore.
|
|
|
086f82 |
|
|
|
086f82 |
Related to https://pagure.io/SSSD/sssd/issue/3715
|
|
|
086f82 |
|
|
|
086f82 |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
086f82 |
(cherry picked from commit 2c4dc7a4d98c439c69625f12ba4c3c8253f4cc5b)
|
|
|
086f82 |
---
|
|
|
086f82 |
src/sss_client/idmap/sss_nss_ex.c | 18 +++++++++---------
|
|
|
086f82 |
1 file changed, 9 insertions(+), 9 deletions(-)
|
|
|
086f82 |
|
|
|
086f82 |
diff --git a/src/sss_client/idmap/sss_nss_ex.c b/src/sss_client/idmap/sss_nss_ex.c
|
|
|
086f82 |
index f56bffcc24a7e2503e23a892541a9242ed4b5069..5bcfe8850b5355d6cbe0efc5e52fe076737f2a08 100644
|
|
|
086f82 |
--- a/src/sss_client/idmap/sss_nss_ex.c
|
|
|
086f82 |
+++ b/src/sss_client/idmap/sss_nss_ex.c
|
|
|
086f82 |
@@ -485,7 +485,6 @@ int sss_nss_getgrouplist_timeout(const char *name, gid_t group,
|
|
|
086f82 |
uint32_t flags, unsigned int timeout)
|
|
|
086f82 |
{
|
|
|
086f82 |
int ret;
|
|
|
086f82 |
- gid_t *new_groups;
|
|
|
086f82 |
long int new_ngroups;
|
|
|
086f82 |
long int start = 1;
|
|
|
086f82 |
struct nss_input inp = {
|
|
|
086f82 |
@@ -498,27 +497,28 @@ int sss_nss_getgrouplist_timeout(const char *name, gid_t group,
|
|
|
086f82 |
}
|
|
|
086f82 |
|
|
|
086f82 |
new_ngroups = MAX(1, *ngroups);
|
|
|
086f82 |
- new_groups = malloc(new_ngroups * sizeof(gid_t));
|
|
|
086f82 |
- if (new_groups == NULL) {
|
|
|
086f82 |
+ inp.result.initgrrep.groups = malloc(new_ngroups * sizeof(gid_t));
|
|
|
086f82 |
+ if (inp.result.initgrrep.groups == NULL) {
|
|
|
086f82 |
free(discard_const(inp.rd.data));
|
|
|
086f82 |
return ENOMEM;
|
|
|
086f82 |
}
|
|
|
086f82 |
- new_groups[0] = group;
|
|
|
086f82 |
+ inp.result.initgrrep.groups[0] = group;
|
|
|
086f82 |
|
|
|
086f82 |
- inp.result.initgrrep.groups = new_groups,
|
|
|
086f82 |
inp.result.initgrrep.ngroups = &new_ngroups;
|
|
|
086f82 |
inp.result.initgrrep.start = &start;
|
|
|
086f82 |
|
|
|
086f82 |
-
|
|
|
086f82 |
+ /* inp.result.initgrrep.groups, inp.result.initgrrep.ngroups and
|
|
|
086f82 |
+ * inp.result.initgrrep.start might be modified by sss_get_ex() */
|
|
|
086f82 |
ret = sss_get_ex(&inp, flags, timeout);
|
|
|
086f82 |
free(discard_const(inp.rd.data));
|
|
|
086f82 |
if (ret != 0) {
|
|
|
086f82 |
- free(new_groups);
|
|
|
086f82 |
+ free(inp.result.initgrrep.groups);
|
|
|
086f82 |
return ret;
|
|
|
086f82 |
}
|
|
|
086f82 |
|
|
|
086f82 |
- memcpy(groups, new_groups, MIN(*ngroups, start) * sizeof(gid_t));
|
|
|
086f82 |
- free(new_groups);
|
|
|
086f82 |
+ memcpy(groups, inp.result.initgrrep.groups,
|
|
|
086f82 |
+ MIN(*ngroups, start) * sizeof(gid_t));
|
|
|
086f82 |
+ free(inp.result.initgrrep.groups);
|
|
|
086f82 |
|
|
|
086f82 |
if (start > *ngroups) {
|
|
|
086f82 |
ret = ERANGE;
|
|
|
086f82 |
--
|
|
|
086f82 |
2.14.3
|
|
|
086f82 |
|