summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMike Frysinger <vapier@gentoo.org>2005-12-27 08:58:04 +0000
committerMike Frysinger <vapier@gentoo.org>2005-12-27 08:58:04 +0000
commite66dfe1d633d43d946c798627173a67282c948e5 (patch)
tree8ed4bb6764e049f2275a960d5ec312c8443712e2
parent66376169bf21dc26f447a8f64bd6f8c8cd27c139 (diff)
Aubrey writes:
When I mounted nfs on my target, the kernel crashed. And I found it was caused by stack overflow. When I digged into it. And I found not only "setgroups.c" but "getgroups.c" have the matrix (__kernel_gid_t kernel_groups[n]) on the stack which can be very large because "n" can be assigned to NGROUPS_MAX. And, NGROUPS_MAX is defined in the file "./linux-2.6.x/include/linux/limits.h" #define NGROUPS_MAX 65536 /* supplemental group IDs are available */ I also changed it to do malloc.
-rw-r--r--libc/sysdeps/linux/common/getgroups.c10
-rw-r--r--libc/sysdeps/linux/common/setgroups.c16
2 files changed, 21 insertions, 5 deletions
diff --git a/libc/sysdeps/linux/common/getgroups.c b/libc/sysdeps/linux/common/getgroups.c
index c863489b9..b2918c6d9 100644
--- a/libc/sysdeps/linux/common/getgroups.c
+++ b/libc/sysdeps/linux/common/getgroups.c
@@ -10,6 +10,7 @@
#define sysconf __sysconf
#include "syscalls.h"
+#include <stdlib.h>
#include <unistd.h>
#define MIN(a,b) (((a)<(b))?(a):(b))
@@ -21,11 +22,17 @@ static inline _syscall2(int, __syscall_getgroups,
int attribute_hidden __getgroups(int n, gid_t * groups)
{
if (unlikely(n < 0)) {
+ret_error:
__set_errno(EINVAL);
return -1;
} else {
int i, ngids;
- __kernel_gid_t kernel_groups[n = MIN(n, sysconf(_SC_NGROUPS_MAX))];
+ __kernel_gid_t *kernel_groups;
+
+ n = MIN(n, sysconf(_SC_NGROUPS_MAX));
+ kernel_groups = (__kernel_gid_t *)malloc(sizeof(*kernel_groups) * n);
+ if (kernel_groups == NULL)
+ goto ret_error;
ngids = __syscall_getgroups(n, kernel_groups);
if (n != 0 && ngids > 0) {
@@ -33,6 +40,7 @@ int attribute_hidden __getgroups(int n, gid_t * groups)
groups[i] = kernel_groups[i];
}
}
+ free(kernel_groups);
return ngids;
}
}
diff --git a/libc/sysdeps/linux/common/setgroups.c b/libc/sysdeps/linux/common/setgroups.c
index 96428edb3..21823ad9b 100644
--- a/libc/sysdeps/linux/common/setgroups.c
+++ b/libc/sysdeps/linux/common/setgroups.c
@@ -10,6 +10,7 @@
#define sysconf __sysconf
#include "syscalls.h"
+#include <stdlib.h>
#include <unistd.h>
#include <grp.h>
@@ -20,20 +21,27 @@ static inline _syscall2(int, __syscall_setgroups,
int attribute_hidden __setgroups(size_t n, const gid_t * groups)
{
if (n > (size_t) sysconf(_SC_NGROUPS_MAX)) {
+ret_error:
__set_errno(EINVAL);
return -1;
} else {
size_t i;
- __kernel_gid_t kernel_groups[n];
+ __kernel_gid_t *kernel_groups;
+
+ kernel_groups = (__kernel_gid_t *)malloc(sizeof(*kernel_groups) * n);
+ if (kernel_groups == NULL)
+ goto ret_error;
for (i = 0; i < n; i++) {
kernel_groups[i] = (groups)[i];
if (groups[i] != (gid_t) ((__kernel_gid_t) groups[i])) {
- __set_errno(EINVAL);
- return -1;
+ goto ret_error;
}
}
- return (__syscall_setgroups(n, kernel_groups));
+
+ i = __syscall_setgroups(n, kernel_groups);
+ free(kernel_groups);
+ return i;
}
}
strong_alias(__setgroups,setgroups)