From 593a0b65c55c1e06a8c22b084aefc395aedb0127 Mon Sep 17 00:00:00 2001
From: "jca@openbsd.org" <jca@openbsd.org>
Date: Mon, 4 Nov 2024 21:59:15 +0000
Subject: [PATCH] upstream: Ignore extra groups that don't fit in the buffer
 passed

to getgrouplist(3)

Our kernel supports 16 groups (NGROUPS_MAX), but nothing prevents
an admin from adding a user to more groups.  With that tweak we'll keep
on ignoring them instead of potentially reading past the buffer passed to
getgrouplist(3).  That behavior is explicitely described in initgroups(3).

ok millert@ gilles@

OpenBSD-Commit-ID: a959fc45ea3431b36f52eda04faefc58bcde00db
---
 .skipped-commit-ids | 1 +
 groupaccess.c       | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/.skipped-commit-ids b/.skipped-commit-ids
index ec7831e5f..474be6a34 100644
--- a/.skipped-commit-ids
+++ b/.skipped-commit-ids
@@ -37,6 +37,7 @@ ef9341d5a50f0d33e3a6fbe995e92964bc7ef2d3	Makefile relinking changes
 fb39324748824cb0387e9d67c41d1bef945c54ea	Makefile change
 5f378c38ad8976d507786dc4db9283a879ec8cd0	Makefile change
 112aacedd3b61cc5c34b1fa6d9fb759214179172	Makefile change
+a959fc45ea3431b36f52eda04faefc58bcde00db	groupaccess.c changes
 
 Old upstream tree:
 
diff --git a/groupaccess.c b/groupaccess.c
index 80d301915..9d03ded0c 100644
--- a/groupaccess.c
+++ b/groupaccess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: groupaccess.c,v 1.17 2019/03/06 22:14:23 dtucker Exp $ */
+/* $OpenBSD: groupaccess.c,v 1.18 2024/11/04 21:59:15 jca Exp $ */
 /*
  * Copyright (c) 2001 Kevin Steves.  All rights reserved.
  *