From e66dfe1d633d43d946c798627173a67282c948e5 Mon Sep 17 00:00:00 2001
From: Mike Frysinger
Date: Tue, 27 Dec 2005 08:58:04 +0000
Subject: Aubrey writes: When I mounted nfs on my target, the kernel crashed. And I found it was caused by stack overflow. When I digged into it. And I found not only "setgroups.c" but "getgroups.c" have the matrix (__kernel_gid_t kernel_groups[n]) on the stack which can be very large because "n" can be assigned to NGROUPS_MAX. And, NGROUPS_MAX is defined in the file "./linux-2.6.x/include/linux/limits.h" #define NGROUPS_MAX 65536 /* supplemental group IDs are available */ I also changed it to do malloc.
---
libc/sysdeps/linux/common/setgroups.c | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
(limited to 'libc/sysdeps/linux/common/setgroups.c')
diff --git a/libc/sysdeps/linux/common/setgroups.c b/libc/sysdeps/linux/common/setgroups.c
index 96428edb3..21823ad9b 100644
--- a/libc/sysdeps/linux/common/setgroups.c
+++ b/libc/sysdeps/linux/common/setgroups.c
@@ -10,6 +10,7 @@ #define sysconf __sysconf #include "syscalls.h" +#include #include #include
@@ -20,20 +21,27 @@ static inline _syscall2(int, __syscall_setgroups, int attribute_hidden __setgroups(size_t n, const gid_t * groups) { if (n > (size_t) sysconf(_SC_NGROUPS_MAX)) { +ret_error: __set_errno(EINVAL); return -1; } else { size_t i; - __kernel_gid_t kernel_groups[n]; + __kernel_gid_t *kernel_groups; + + kernel_groups = (__kernel_gid_t *)malloc(sizeof(*kernel_groups) * n); + if (kernel_groups == NULL) + goto ret_error; for (i = 0; i < n; i++) { kernel_groups[i] = (groups)[i]; if (groups[i] != (gid_t) ((__kernel_gid_t) groups[i])) { - __set_errno(EINVAL); - return -1; + goto ret_error; } } - return (__syscall_setgroups(n, kernel_groups)); + + i = __syscall_setgroups(n, kernel_groups); + free(kernel_groups); + return i; } } strong_alias(__setgroups,setgroups)
-- cgit v1.2.3
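Review bot: The `goto ret_error` inside the copy loop of `__setgroups` now exits without freeing `kernel_groups`, so every call that passes a gid too wide for `__kernel_gid_t` leaks the buffer; that path needs a `free(kernel_groups)` before it returns. The new allocation also mishandles two cases: with `n == 0`, `malloc` is permitted to return NULL, which would turn `setgroups(0, NULL)` (the usual way to clear supplementary groups when dropping privileges) into an EINVAL failure, and a genuine allocation failure is reported as EINVAL where ENOMEM is the documented error. A caller that does not check the return value would then keep its supplementary groups, so the zero-length case should skip the allocation entirely. Storing the syscall result in the `size_t i` and returning it as `int` relies on a conversion round-trip for -1; a separate `int ret` is clearer, as in the sketch below.

```c
	__kernel_gid_t *kernel_groups = NULL;
	size_t i;
	int ret;

	/* … unchanged: n > sysconf(_SC_NGROUPS_MAX) check, without the ret_error label … */

	/* n == 0 clears the list; malloc(0) may return NULL, so do not allocate */
	if (n != 0) {
		kernel_groups = malloc(sizeof(*kernel_groups) * n);
		if (kernel_groups == NULL) {
			__set_errno(ENOMEM);
			return -1;
		}
	}
	for (i = 0; i < n; i++) {
		/* … unchanged: kernel_groups[i] assignment … */
		if (groups[i] != (gid_t) ((__kernel_gid_t) groups[i])) {
			free(kernel_groups);	/* do not leak on the narrowing failure */
			__set_errno(EINVAL);
			return -1;
		}
	}
	ret = __syscall_setgroups(n, kernel_groups);
	free(kernel_groups);
	return ret;
```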