mirror of
git://anongit.mindrot.org/openssh.git
synced 2024-12-19 08:34:32 +00:00
upstream commit
Don't call setgroups if we have zero groups; there's no guarantee that it won't try to deref the pointer. Based on a patch from mail at quitesimple.org, ok djm deraadt Upstream-ID: 2fff85e11d7a9a387ef7fddf41fbfaf566708ab1
This commit is contained in:
parent
5c15e22c69
commit
63b78d003b
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: uidswap.c,v 1.37 2015/01/16 06:40:12 deraadt Exp $ */
|
||||
/* $OpenBSD: uidswap.c,v 1.38 2015/06/22 12:29:57 dtucker Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
@ -113,7 +113,7 @@ temporarily_use_uid(struct passwd *pw)
|
||||
}
|
||||
}
|
||||
/* Set the effective uid to the given (unprivileged) uid. */
|
||||
if (setgroups(user_groupslen, user_groups) < 0)
|
||||
if (user_groupslen > 0 && setgroups(user_groupslen, user_groups) < 0)
|
||||
fatal("setgroups: %.100s", strerror(errno));
|
||||
#ifndef SAVED_IDS_WORK_WITH_SETEUID
|
||||
/* Propagate the privileged gid to all of our gids. */
|
||||
@ -187,7 +187,8 @@ restore_uid(void)
|
||||
setgid(getgid());
|
||||
#endif /* SAVED_IDS_WORK_WITH_SETEUID */
|
||||
|
||||
if (setgroups(saved_egroupslen, saved_egroups) < 0)
|
||||
if (saved_egroupslen > 0 &&
|
||||
setgroups(saved_egroupslen, saved_egroups) < 0)
|
||||
fatal("setgroups: %.100s", strerror(errno));
|
||||
temporarily_use_uid_effective = 0;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user