diff options
author | Mike Frysinger <vapier@gentoo.org> | 2005-12-27 08:58:04 +0000 |
---|---|---|
committer | Mike Frysinger <vapier@gentoo.org> | 2005-12-27 08:58:04 +0000 |
commit | e66dfe1d633d43d946c798627173a67282c948e5 (patch) | |
tree | 8ed4bb6764e049f2275a960d5ec312c8443712e2 | |
parent | 66376169bf21dc26f447a8f64bd6f8c8cd27c139 (diff) |
Aubrey writes:
When I mounted nfs on my target, the kernel crashed. And I found it
was caused by stack overflow. When I digged into it.
And I found not only "setgroups.c" but
"getgroups.c" have the matrix (__kernel_gid_t kernel_groups[n]) on the
stack which can be very large because "n" can be assigned to
NGROUPS_MAX.
And, NGROUPS_MAX is defined in the file "./linux-2.6.x/include/linux/limits.h"
#define NGROUPS_MAX 65536 /* supplemental group IDs are available */
I also changed it to do malloc.
-rw-r--r-- | libc/sysdeps/linux/common/getgroups.c | 10 | ||||
-rw-r--r-- | libc/sysdeps/linux/common/setgroups.c | 16 |
2 files changed, 21 insertions, 5 deletions
diff --git a/libc/sysdeps/linux/common/getgroups.c b/libc/sysdeps/linux/common/getgroups.c index c863489b9..b2918c6d9 100644 --- a/libc/sysdeps/linux/common/getgroups.c +++ b/libc/sysdeps/linux/common/getgroups.c @@ -10,6 +10,7 @@ #define sysconf __sysconf #include "syscalls.h" +#include <stdlib.h> #include <unistd.h> #define MIN(a,b) (((a)<(b))?(a):(b)) @@ -21,11 +22,17 @@ static inline _syscall2(int, __syscall_getgroups, int attribute_hidden __getgroups(int n, gid_t * groups) { if (unlikely(n < 0)) { +ret_error: __set_errno(EINVAL); return -1; } else { int i, ngids; - __kernel_gid_t kernel_groups[n = MIN(n, sysconf(_SC_NGROUPS_MAX))]; + __kernel_gid_t *kernel_groups; + + n = MIN(n, sysconf(_SC_NGROUPS_MAX)); + kernel_groups = (__kernel_gid_t *)malloc(sizeof(*kernel_groups) * n); + if (kernel_groups == NULL) + goto ret_error; ngids = __syscall_getgroups(n, kernel_groups); if (n != 0 && ngids > 0) { @@ -33,6 +40,7 @@ int attribute_hidden __getgroups(int n, gid_t * groups) groups[i] = kernel_groups[i]; } } + free(kernel_groups); return ngids; } } diff --git a/libc/sysdeps/linux/common/setgroups.c b/libc/sysdeps/linux/common/setgroups.c index 96428edb3..21823ad9b 100644 --- a/libc/sysdeps/linux/common/setgroups.c +++ b/libc/sysdeps/linux/common/setgroups.c @@ -10,6 +10,7 @@ #define sysconf __sysconf #include "syscalls.h" +#include <stdlib.h> #include <unistd.h> #include <grp.h> @@ -20,20 +21,27 @@ static inline _syscall2(int, __syscall_setgroups, int attribute_hidden __setgroups(size_t n, const gid_t * groups) { if (n > (size_t) sysconf(_SC_NGROUPS_MAX)) { +ret_error: __set_errno(EINVAL); return -1; } else { size_t i; - __kernel_gid_t kernel_groups[n]; + __kernel_gid_t *kernel_groups; + + kernel_groups = (__kernel_gid_t *)malloc(sizeof(*kernel_groups) * n); + if (kernel_groups == NULL) + goto ret_error; for (i = 0; i < n; i++) { kernel_groups[i] = (groups)[i]; if (groups[i] != (gid_t) ((__kernel_gid_t) groups[i])) { - __set_errno(EINVAL); - return -1; + goto ret_error; } } - return (__syscall_setgroups(n, kernel_groups)); + + i = __syscall_setgroups(n, kernel_groups); + free(kernel_groups); + return i; } } strong_alias(__setgroups,setgroups) |