From 3df4092261b0ebf8b6273ff3a4872aab9ca37966 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 17 Apr 2017 14:30:04 -0700 Subject: [PATCH 1/2] s3:lib: Fix incorrect logic in sys_broken_getgroups() If setlen == 0 then the second argument must be ignored. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12747 Signed-off-by: Jeremy Allison Reviewed-by: Andreas Schneider (cherry picked from commit 60af864f751706c48b8af448700bf06e33e45946) --- source3/lib/system.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/source3/lib/system.c b/source3/lib/system.c index 3d3eeeda7c4..99462b631c7 100644 --- a/source3/lib/system.c +++ b/source3/lib/system.c @@ -790,12 +790,11 @@ int groups_max(void) static int sys_broken_getgroups(int setlen, gid_t *gidset) { - GID_T gid; GID_T *group_list; int i, ngroups; if(setlen == 0) { - return getgroups(setlen, &gid); + return getgroups(0, NULL); } /* @@ -808,9 +807,6 @@ static int sys_broken_getgroups(int setlen, gid_t *gidset) return -1; } - if (setlen == 0) - setlen = groups_max(); - if((group_list = SMB_MALLOC_ARRAY(GID_T, setlen)) == NULL) { DEBUG(0,("sys_getgroups: Malloc fail.\n")); return -1; @@ -823,6 +819,12 @@ static int sys_broken_getgroups(int setlen, gid_t *gidset) return -1; } + /* + * We're safe here as if ngroups > setlen then + * getgroups *must* return EINVAL. + * pubs.opengroup.org/onlinepubs/009695399/functions/getgroups.html + */ + for(i = 0; i < ngroups; i++) gidset[i] = (gid_t)group_list[i]; -- 2.12.2.816.g2cccc81164-goog From ce99e462b62aa4e276f6283604cf4e57c0b865c1 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 17 Apr 2017 14:30:54 -0700 Subject: [PATCH 2/2] s3:smbd: Fix incorrect use of sys_getgroups() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Second arg must be NULL when first arg is 0 (it is in all other places). Bug report and patch from Hanno Böck BUG: https://bugzilla.samba.org/show_bug.cgi?id=12747 Signed-off-by: Jeremy Allison Reviewed-by: Andreas Schneider Autobuild-User(master): Andreas Schneider Autobuild-Date(master): Tue Apr 18 15:43:02 CEST 2017 on sn-devel-144 (cherry picked from commit 76b351e907f67cc7d4af4e7d800c7a3aa1269ee8) --- source3/smbd/sec_ctx.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/source3/smbd/sec_ctx.c b/source3/smbd/sec_ctx.c index 33d987fbe70..5e0710e0ecb 100644 --- a/source3/smbd/sec_ctx.c +++ b/source3/smbd/sec_ctx.c @@ -139,7 +139,6 @@ static void gain_root(void) static int get_current_groups(gid_t gid, uint32_t *p_ngroups, gid_t **p_groups) { int i; - gid_t grp; int ngroups; gid_t *groups = NULL; @@ -153,7 +152,7 @@ static int get_current_groups(gid_t gid, uint32_t *p_ngroups, gid_t **p_groups) set_effective_gid(gid); samba_setgid(gid); - ngroups = sys_getgroups(0,&grp); + ngroups = sys_getgroups(0, NULL); if (ngroups <= 0) { goto fail; } -- 2.12.2.816.g2cccc81164-goog