nfsuserd: Fix OOB access on membership of too many groups

getgrouplist() overwrites the variable that holds the allocated length
on input with the full effective group list length, not the number of
slots that were actually filled, when the passed array is too small to
contain the list.

While here, on this condition, improve the error message by outputting
the corresponding user name.

MFC after:      1 hour
Fixes:          e6c623c86a ("Add support for the "-manage-gids" option to the nfsuserd daemon.")
Sponsored by:   The FreeBSD Foundation
Olivier Certner
2025-10-09 11:19:37 +02:00
parent f554455675
commit bb339adfb2
+11 -4
@@ -421,8 +421,12 @@ main(int argc, char *argv[])
/* Get the group list for this user. */
ngroup = NGROUPS;
if (getgrouplist(pwd->pw_name, pwd->pw_gid, grps,
&ngroup) < 0)
syslog(LOG_ERR, "Group list too small");
&ngroup) < 0) {
syslog(LOG_ERR,
"Group list of user '%s' too big",
pwd->pw_name);
ngroup = NGROUPS;
}
nid.nid_ngroup = ngroup;
nid.nid_grps = grps;
} else {
@@ -621,8 +625,11 @@ nfsuserdsrv(struct svc_req *rqstp, SVCXPRT *transp)
/* Get the group list for this user. */
ngroup = NGROUPS;
if (getgrouplist(pwd->pw_name, pwd->pw_gid,
grps, &ngroup) < 0)
syslog(LOG_ERR, "Group list too small");
grps, &ngroup) < 0) {
syslog(LOG_ERR,
"Group list of user '%s' too big",
pwd->pw_name);
}
nid.nid_ngroup = ngroup;
nid.nid_grps = grps;
} else {
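Review bot: The failure branch added in nfsuserdsrv() (second hunk) only logs and never clamps `ngroup`, whereas the matching branch in main() (first hunk) adds `ngroup = NGROUPS;` after the syslog() call. Per the commit message, getgrouplist() leaves the full group count in `ngroup` when the array is too small, so `nid.nid_ngroup = ngroup;` on this path can still describe more entries than `grps` holds (presumably NGROUPS slots, given the initialisation just above), and the out-of-bounds read remains reachable from the RPC service path. Adding `ngroup = NGROUPS;` inside the new braces, as in main(), would close it. It may also be worth a short comment in both places, e.g. `/* getgrouplist() stored the needed count; only NGROUPS entries are valid. */`, since the truncated list is what gets pushed as the user's group membership. Both enclosing functions begin and end outside the hunks shown.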