git: 4bc2174a1b48 - main - kern: fail getgroup and setgroup with negative int

Wed, 02 Jun 2021 12:25:23 -0700 

The branch main has been updated by imp:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=4bc2174a1b489c36195ccc8cfc15e0775b817c69

commit 4bc2174a1b489c36195ccc8cfc15e0775b817c69
Author:     Moritz Buhl <g...@moritzbuhl.de>
AuthorDate: 2019-07-09 15:03:37 +0000
Commit:     Warner Losh <i...@freebsd.org>
CommitDate: 2021-06-02 19:22:57 +0000

    kern: fail getgroup and setgroup with negative int
    
    Found using
    https://github.com/NetBSD/src/blob/trunk/tests/lib/libc/sys/t_getgroups.c
    
    getgroups/setgroups want an int and therefore casting it to u_int
    resulted in `getgroups(-1, ...)` not returning -1 / errno = EINVAL.
    
    imp@ updated syscall.master and made changes markj@ suggested
    
    PR:                     189941
    Tested by:              imp@
    Reviewed by:            markj@
    Pull Request:           https://github.com/freebsd/freebsd-src/pull/407
    Differential Revision:  https://reviews.freebsd.org/D30617
---
 sys/kern/kern_prot.c     | 12 +++++-------
 sys/kern/syscalls.master |  4 ++--
 2 files changed, 7 insertions(+), 9 deletions(-)

diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
index a107c7cced95..647acfa60681 100644
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@@ -288,7 +288,7 @@ sys_getegid(struct thread *td, struct getegid_args *uap)
 
 #ifndef _SYS_SYSPROTO_H_
 struct getgroups_args {
-       u_int   gidsetsize;
+       int     gidsetsize;
        gid_t   *gidset;
 };
 #endif
@@ -296,8 +296,7 @@ int
 sys_getgroups(struct thread *td, struct getgroups_args *uap)
 {
        struct ucred *cred;
-       u_int ngrp;
-       int error;
+       int ngrp, error;
 
        cred = td->td_ucred;
        ngrp = cred->cr_ngroups;
@@ -791,7 +790,7 @@ fail:
 
 #ifndef _SYS_SYSPROTO_H_
 struct setgroups_args {
-       u_int   gidsetsize;
+       int     gidsetsize;
        gid_t   *gidset;
 };
 #endif
@@ -801,11 +800,10 @@ sys_setgroups(struct thread *td, struct setgroups_args 
*uap)
 {
        gid_t smallgroups[XU_NGROUPS];
        gid_t *groups;
-       u_int gidsetsize;
-       int error;
+       int gidsetsize, error;
 
        gidsetsize = uap->gidsetsize;
-       if (gidsetsize > ngroups_max + 1)
+       if (gidsetsize > ngroups_max + 1 || gidsetsize < 0)
                return (EINVAL);
 
        if (gidsetsize > XU_NGROUPS)
diff --git a/sys/kern/syscalls.master b/sys/kern/syscalls.master
index 95317d413209..69a82d642d79 100644
--- a/sys/kern/syscalls.master
+++ b/sys/kern/syscalls.master
@@ -523,13 +523,13 @@
        }
 79     AUE_GETGROUPS   STD {
                int getgroups(
-                   u_int gidsetsize,
+                   int gidsetsize,
                    _Out_writes_opt_(gidsetsize) gid_t *gidset
                );
        }
 80     AUE_SETGROUPS   STD {
                int setgroups(
-                   u_int gidsetsize,
+                   int gidsetsize,
                    _In_reads_(gidsetsize) gid_t *gidset
                );
        }
_______________________________________________
dev-commits-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/dev-commits-src-all
To unsubscribe, send any mail to "dev-commits-src-all-unsubscr...@freebsd.org"

Reply via email to