diff options
author | Kelvin M. Klann <kmk3.code@protonmail.com> | 2021-10-22 15:26:53 -0300 |
---|---|---|
committer | Kelvin M. Klann <kmk3.code@protonmail.com> | 2021-10-22 15:53:34 -0300 |
commit | 615ce15623d152122f7bf8369d834c3561b1e468 (patch) | |
tree | f952e837aebbfe55d7d8143e11e1833a25b8ba49 | |
parent | util.c: [ref] move group find/copy into new functions (diff) | |
download | firejail-615ce15623d152122f7bf8369d834c3561b1e468.tar.gz firejail-615ce15623d152122f7bf8369d834c3561b1e468.tar.zst firejail-615ce15623d152122f7bf8369d834c3561b1e468.zip |
util.c: check array size on copy_group_ifcont
Check if new_groups already is full before trying to add to it.
-rw-r--r-- | src/firejail/util.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/src/firejail/util.c b/src/firejail/util.c index 6fc8a663f..5bb5c257b 100644 --- a/src/firejail/util.c +++ b/src/firejail/util.c | |||
@@ -117,13 +117,19 @@ static int find_group(gid_t group, const gid_t *groups, int ngroups) { | |||
117 | // "groups". Always returns the current value of new_ngroups. | 117 | // "groups". Always returns the current value of new_ngroups. |
118 | static int copy_group_ifcont(const char *groupname, | 118 | static int copy_group_ifcont(const char *groupname, |
119 | const gid_t *groups, int ngroups, | 119 | const gid_t *groups, int ngroups, |
120 | gid_t *new_groups, int *new_ngroups) { | 120 | gid_t *new_groups, int *new_ngroups, int new_sz) { |
121 | if (*new_ngroups >= new_sz) { | ||
122 | errno = ERANGE; | ||
123 | goto out; | ||
124 | } | ||
125 | |||
121 | gid_t g = get_group_id(groupname); | 126 | gid_t g = get_group_id(groupname); |
122 | if (g && find_group(g, groups, ngroups) >= 0) { | 127 | if (g && find_group(g, groups, ngroups) >= 0) { |
123 | new_groups[*new_ngroups] = g; | 128 | new_groups[*new_ngroups] = g; |
124 | (*new_ngroups)++; | 129 | (*new_ngroups)++; |
125 | } | 130 | } |
126 | 131 | ||
132 | out: | ||
127 | return *new_ngroups; | 133 | return *new_ngroups; |
128 | } | 134 | } |
129 | 135 | ||
@@ -151,7 +157,7 @@ static void clean_supplementary_groups(gid_t gid) { | |||
151 | int i = 0; | 157 | int i = 0; |
152 | while (allowed[i]) { | 158 | while (allowed[i]) { |
153 | copy_group_ifcont(allowed[i], groups, ngroups, | 159 | copy_group_ifcont(allowed[i], groups, ngroups, |
154 | new_groups, &new_ngroups); | 160 | new_groups, &new_ngroups, MAX_GROUPS); |
155 | i++; | 161 | i++; |
156 | } | 162 | } |
157 | 163 | ||