From 08f5e06c5e3332de231a664ffd6f7856e9fead07 Mon Sep 17 00:00:00 2001 From: Kyle Evans Date: Fri, 15 Aug 2025 10:08:18 -0500 Subject: [PATCH] kern: fix freebsd14 getgroups(2) compat We need to actually copyout the remainder of the groups if the egid succeeded, not failed. My test that was designed to catch this along with the previously-found syzkaller panic did not zero out the groups array prior to re-fetching, so it did not catch that entries beyond the first were not actually populated. Pointy hat: kevans Fixes: 9da2fe96ff ("kern: fix setgroups(2) and getgroups(2) [...]") --- sys/kern/kern_prot.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c index beab30a9d15..dac0e40b059 100644 --- a/sys/kern/kern_prot.c +++ b/sys/kern/kern_prot.c @@ -332,7 +332,7 @@ freebsd14_getgroups(struct thread *td, struct freebsd14_getgroups_args *uap) } error = copyout(&cred->cr_gid, uap->gidset, sizeof(gid_t)); - if (error != 0) + if (error == 0) error = copyout(cred->cr_groups, uap->gidset + 1, (ngrp - 1) * sizeof(gid_t));
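Review bot: the corrected `if (error == 0)` check ships without a test change, even though the commit message says the existing test missed this because it did not zero the groups array before re-fetching; the diffstat touches only sys/kern/kern_prot.c. Suggest updating that test in the same change (or a follow-up referenced here) so it fills the array with a sentinel value before the second getgroups call and compares every entry, not just the first, so that a skipped second copyout into `uap->gidset + 1` is caught. A short comment above the two copyout calls noting that the compat layout is `cr_gid` in slot 0 followed by `ngrp - 1` entries from `cr_groups` would also make the intent of the second call easier to check at a glance.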