authorMike Frysinger <vapier@gentoo.org>2005-12-27 09:03:53 +0000
committerMike Frysinger <vapier@gentoo.org>2005-12-27 09:03:53 +0000
commit766709000aca35c4851cdb9b84e78db52ed8290d (patch)
treeb38a6e4b8a4c1ca551ae6e08f167c91fc9c922f8
parentb000e6fce32974a2c6936f94b0e9795de63b10ae (diff)
2005-12-15 Aubrey.Li <aubreylee@gmail.com> writes:
When I mounted nfs on my target, the kernel crashed, and I found it was caused by a stack overflow. When I dug into it, I found the following issue. In the file "./uClibc/libc/inet/rpc/auth_unix.c": int max_nr_groups = sysconf (_SC_NGROUPS_MAX); gid_t gids[max_nr_groups]; And NGROUPS_MAX is defined in the file "./linux-2.6.x/include/linux/limits.h": #define NGROUPS_MAX 65536 /* supplemental group IDs are available */ So max_nr_groups is assigned 65536, which means a huge array "gids[65536]" is in the function **authunix_create_default**. My fix is to allocate it with malloc; the patch is as follows.
-rw-r--r--libc/inet/rpc/auth_unix.c11
1 files changed, 9 insertions, 2 deletions
diff --git a/libc/inet/rpc/auth_unix.c b/libc/inet/rpc/auth_unix.c
index 65554147d..3cb286cc4 100644
--- a/libc/inet/rpc/auth_unix.c
+++ b/libc/inet/rpc/auth_unix.c
@@ -183,7 +183,12 @@ __authunix_create_default (void)
uid_t uid;
gid_t gid;
int max_nr_groups = sysconf (_SC_NGROUPS_MAX);
- gid_t gids[max_nr_groups];
+ gid_t *gids;
+ AUTH *ret_auth;
+
+ gids = (gid_t*)malloc(sizeof(*gids) * max_nr_groups);
+ if (gids == NULL)
+ abort ();
if (gethostname (machname, MAX_MACHINE_NAME) == -1)
abort ();
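Review bot: The result of `sysconf (_SC_NGROUPS_MAX)` is used as the allocation count without a range check, so a -1 error return is converted to a huge `size_t` in `sizeof(*gids) * max_nr_groups`. The process then aborts on the failed malloc, and a return of 0 may abort as well, because `malloc(0)` is allowed to return NULL. An explicit guard before the allocation makes the failure mode deliberate and keeps a negative count from reaching whatever later call receives `max_nr_groups` as a buffer length; that code lies between the two hunks and is not visible here. Suggested lines: `if (max_nr_groups <= 0) abort ();` followed by `gids = malloc (sizeof (*gids) * (size_t) max_nr_groups);` (the cast on malloc's result is unnecessary in C). Whether a library routine should abort on allocation failure, or instead return NULL to its caller, is also worth deciding while this code is being changed.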
@@ -196,7 +201,9 @@ __authunix_create_default (void)
/* This braindamaged Sun code forces us here to truncate the
list of groups to NGRPS members since the code in
authuxprot.c transforms a fixed array. Grrr. */
- return __authunix_create (machname, uid, gid, MIN (NGRPS, len), gids);
+ ret_auth = __authunix_create (machname, uid, gid, MIN (NGRPS, len), gids);
+ free (gids);
+ return ret_auth;
}
strong_alias(__authunix_create_default,authunix_create_default)
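Review bot: The `free (gids)` placed directly after `__authunix_create` is only safe if that function copies the group list into the credential it builds, rather than storing the caller's pointer in the returned AUTH. `__authunix_create` is not part of this diff, so this should be confirmed before merging, because a retained pointer would turn the stack-overflow fix into a use-after-free. Once it is confirmed, a comment above the call would record the lifetime assumption, for example `/* __authunix_create copies the groups; gids is not referenced after it returns. */`. The function body starts before this hunk, so any early exit between the allocation and this call is not visible here and would need the same `free`.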