-rw-r--r-- | lib/libc/gen/initgroups.c | 11 | ||||
-rw-r--r-- | sbin/mountd/mountd.c | 11 | ||||
-rw-r--r-- | usr.bin/id/id.c | 23 | ||||
-rw-r--r-- | usr.bin/ssh/groupaccess.c | 11 | ||||
-rw-r--r-- | usr.sbin/authpf/authpf.c | 13 |
5 files changed, 48 insertions, 21 deletions
diff --git a/lib/libc/gen/initgroups.c b/lib/libc/gen/initgroups.c index 8f60409dcfd..c19e5c8ddd2 100644 --- a/lib/libc/gen/initgroups.c +++ b/lib/libc/gen/initgroups.c @@ -1,4 +1,4 @@ -/* $OpenBSD: initgroups.c,v 1.11 2019/06/28 13:32:41 deraadt Exp $ */ +/* $OpenBSD: initgroups.c,v 1.12 2024/11/04 21:59:15 jca Exp $ */ /* * Copyright (c) 1983, 1993 * The Regents of the University of California. All rights reserved. @@ -37,10 +37,13 @@ int initgroups(const char *uname, gid_t agroup) { gid_t groups[NGROUPS_MAX]; - int ngroups; + int maxgroups, ngroups; - ngroups = NGROUPS_MAX; - (void) getgrouplist(uname, agroup, groups, &ngroups); + maxgroups = ngroups = NGROUPS_MAX; + if (getgrouplist(uname, agroup, groups, &ngroups) == -1) { + /* Silently truncate group list */ + ngroups = maxgroups; + } if (setgroups(ngroups, groups) == -1) return (-1); return (0); diff --git a/sbin/mountd/mountd.c b/sbin/mountd/mountd.c index 0ca61b39eb4..943b2fe7fad 100644 --- a/sbin/mountd/mountd.c +++ b/sbin/mountd/mountd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mountd.c,v 1.92 2024/05/21 05:00:47 jsg Exp $ */ +/* $OpenBSD: mountd.c,v 1.93 2024/11/04 21:59:15 jca Exp $ */ /* $NetBSD: mountd.c,v 1.31 1996/02/18 11:57:53 fvdl Exp $ */ /* @@ -2157,7 +2157,7 @@ parsecred(char *namelist, struct xucred *cr) char *name, *names; struct passwd *pw; struct group *gr; - int ngroups, cnt; + int maxgroups, ngroups, cnt; /* * Set up the unprivileged user. @@ -2182,9 +2182,12 @@ parsecred(char *namelist, struct xucred *cr) return; } cr->cr_uid = pw->pw_uid; - ngroups = NGROUPS_MAX + 1; - if (getgrouplist(pw->pw_name, pw->pw_gid, groups, &ngroups)) + maxgroups = ngroups = NGROUPS_MAX + 1; + if (getgrouplist(pw->pw_name, pw->pw_gid, groups, &ngroups) == -1) { syslog(LOG_ERR, "Too many groups for %s: %m", pw->pw_name); + /* Truncate group list */ + ngroups = maxgroups; + } /* * compress out duplicate */ diff --git a/usr.bin/id/id.c b/usr.bin/id/id.c index bb1ebc0e3fd..02c3d2a1e98 100644 --- a/usr.bin/id/id.c 
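Review bot: With the clamp in the `getgrouplist(...) == -1` branch, initgroups() goes on to call setgroups() with a shortened list and returns 0, so a caller that drops privileges cannot tell that some of the user's groups were not applied. That matters for any access decision that depends on a group being present, for example a deny rule keyed on group membership, so the comment should say more than "Silently truncate": `/* List did not fit: keep the first NGROUPS_MAX entries; the caller is not told that groups were dropped. */`. If the initgroups manual page documents return values, the truncation case belongs there too.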
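Review bot: The `%m` in `syslog(LOG_ERR, "Too many groups for %s: %m", pw->pw_name)` expands errno, and nothing in this hunk shows getgrouplist() setting errno when it returns -1 for a list that did not fit, so the logged text may be a stale, unrelated error. Since the branch now truncates, a message that says so would be more useful to whoever reads the log: `syslog(LOG_ERR, "Too many groups for %s, list truncated", pw->pw_name);`. The clamp value `NGROUPS_MAX + 1` is assumed to be the capacity of `groups`, whose declaration is outside the hunk; if it is a local array, `maxgroups = ngroups = sizeof(groups) / sizeof(groups[0]);` keeps the bound tied to it. parsecred() starts and ends outside the hunk.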
+++ b/usr.bin/id/id.c @@ -1,4 +1,4 @@ -/* $OpenBSD: id.c,v 1.30 2023/05/30 16:44:16 op Exp $ */ +/* $OpenBSD: id.c,v 1.31 2024/11/04 21:59:15 jca Exp $ */ /*- * Copyright (c) 1991, 1993 @@ -269,7 +269,7 @@ void user(struct passwd *pw) { gid_t gid, groups[NGROUPS_MAX + 1]; - int cnt, ngroups; + int cnt, maxgroups, ngroups; uid_t uid; struct group *gr; char *prefix; @@ -279,8 +279,11 @@ user(struct passwd *pw) (void)printf(" gid=%u", pw->pw_gid); if ((gr = getgrgid(pw->pw_gid))) (void)printf("(%s)", gr->gr_name); - ngroups = NGROUPS_MAX + 1; - (void) getgrouplist(pw->pw_name, pw->pw_gid, groups, &ngroups); + maxgroups = ngroups = NGROUPS_MAX + 1; + if (getgrouplist(pw->pw_name, pw->pw_gid, groups, &ngroups) == -1) { + /* Silently truncate group list */ + ngroups = maxgroups; + } prefix = " groups="; for (cnt = 0; cnt < ngroups;) { gid = groups[cnt]; @@ -298,14 +301,20 @@ user(struct passwd *pw) void group(struct passwd *pw, int nflag) { - int cnt, ngroups; + int cnt, maxgroups, ngroups; gid_t gid, groups[NGROUPS_MAX + 1]; struct group *gr; char *prefix; if (pw) { - ngroups = NGROUPS_MAX + 1; - (void) getgrouplist(pw->pw_name, pw->pw_gid, groups, &ngroups); + int ret; + + maxgroups = ngroups = NGROUPS_MAX + 1; + ret = getgrouplist(pw->pw_name, pw->pw_gid, groups, &ngroups); + if (ret == -1) { + /* Silently truncate group list */ + ngroups = maxgroups; + } } else { groups[0] = getgid(); ngroups = getgroups(NGROUPS_MAX, groups + 1) + 1; diff --git a/usr.bin/ssh/groupaccess.c b/usr.bin/ssh/groupaccess.c index 69fd007fe15..5303688ba03 100644 --- a/usr.bin/ssh/groupaccess.c +++ b/usr.bin/ssh/groupaccess.c @@ -1,4 +1,4 @@ -/* $OpenBSD: groupaccess.c,v 1.17 2019/03/06 22:14:23 dtucker Exp $ */ +/* $OpenBSD: groupaccess.c,v 1.18 2024/11/04 21:59:15 jca Exp $ */ /* * Copyright (c) 2001 Kevin Steves. All rights reserved. * 
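Review bot: user() and group() in this file handle the same failure in two different shapes: user() tests `getgrouplist(...) == -1` directly, while the group() hunk at -298 adds a block-local `int ret` that is used once. Using the direct test in both, `if (getgrouplist(pw->pw_name, pw->pw_gid, groups, &ngroups) == -1) {`, removes the extra local. Because id is what an administrator reads to check membership, printing a shortened list as if it were complete can mislead. A diagnostic on stderr such as `warnx("group list for %s truncated", pw->pw_name);` would flag it, assuming err.h is available in this file (the includes are outside the hunk). Both functions continue outside their hunks.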
@@ -48,15 +48,18 @@ int ga_init(const char *user, gid_t base) { gid_t groups_bygid[NGROUPS_MAX + 1]; - int i, j; + int i, j, maxgroups; struct group *gr; if (ngroups > 0) ga_free(); - ngroups = sizeof(groups_bygid) / sizeof(gid_t); - if (getgrouplist(user, base, groups_bygid, &ngroups) == -1) + maxgroups = ngroups = sizeof(groups_bygid) / sizeof(gid_t); + if (getgrouplist(user, base, groups_bygid, &ngroups) == -1) { logit("getgrouplist: groups list too small"); + /* Truncate group list */ + ngroups = maxgroups; + } for (i = 0, j = 0; i < ngroups; i++) if ((gr = getgrgid(groups_bygid[i])) != NULL) groups_byname[j++] = xstrdup(gr->gr_name); diff --git a/usr.sbin/authpf/authpf.c b/usr.sbin/authpf/authpf.c index 67d2f723705..bc410c0631c 100644 --- a/usr.sbin/authpf/authpf.c +++ b/usr.sbin/authpf/authpf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authpf.c,v 1.129 2022/01/28 06:33:26 guenther Exp $ */ +/* $OpenBSD: authpf.c,v 1.130 2024/11/04 21:59:15 jca Exp $ */ /* * Copyright (C) 1998 - 2007 Bob Beck (beck@openbsd.org). @@ -528,8 +528,17 @@ allowed_luser(struct passwd *pw) } if (!gl_init) { - (void) getgrouplist(pw->pw_name, + int maxgroups, ret; + + maxgroups = ngroups; + ret = getgrouplist(pw->pw_name, pw->pw_gid, groups, &ngroups); + if (ret == -1) { + /* + * Silently truncate group list + */ + ngroups = maxgroups; + } gl_init++; } |
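Review bot: The message `"getgrouplist: groups list too small"` names neither the user nor the fact that the list is now truncated, which makes the event hard to act on in a log. Something like `logit("getgrouplist: group list for %s truncated to %d entries", user, maxgroups);` records both. If callers match `groups_byname` against deny-style group rules (not visible here), a group lost to truncation means the rule does not fire, so this should be visible to whoever monitors authentication logs. ga_init() continues outside the hunk.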
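Review bot: `maxgroups = ngroups;` is only a valid bound if `ngroups` still holds the capacity of `groups` when this block runs; both are declared outside the hunk, so that cannot be checked from here. The `!gl_init` guard suggests the block runs once. A comment stating the assumption, e.g. `/* ngroups holds the capacity of groups[] until the first getgrouplist() call */`, or deriving the bound from the array itself if `groups` is an array, would keep a later change from turning the clamp into an over-read. allowed_luser() starts and ends outside the hunk.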