From: Thomas Veerman Date: Thu, 8 Sep 2011 12:23:03 +0000 (+0000) Subject: Check group range for sanity X-Git-Tag: v3.2.0~314 X-Git-Url: http://zhaoyanbai.com/repos/%22http:/www.isc.org/icons/verify-sign/verify.pl?a=commitdiff_plain;h=f78fb056761deccb2a1af01296d138c7d512c116;p=minix.git Check group range for sanity --- diff --git a/servers/ext2/protect.c b/servers/ext2/protect.c index 952e6f74e..9fdfe50a5 100644 --- a/servers/ext2/protect.c +++ b/servers/ext2/protect.c @@ -129,7 +129,11 @@ PUBLIC int forbidden(register struct inode *rip, mode_t access_desired) PRIVATE int in_group(gid_t grp) { int i; - for(i = 0; i < credentials.vu_ngroups; i++) + + if (credentials.vu_ngroups >= NGROUPS_MAX) + return(EINVAL); + + for (i = 0; i < credentials.vu_ngroups; i++) if (credentials.vu_sgroups[i] == grp) return(OK); diff --git a/servers/mfs/pipe.c b/servers/mfs/pipe.c index e69de29bb..8b1378917 100644 --- a/servers/mfs/pipe.c +++ b/servers/mfs/pipe.c @@ -0,0 +1 @@ + diff --git a/servers/mfs/protect.c b/servers/mfs/protect.c index 4f80adb37..0a6d01afb 100644 --- a/servers/mfs/protect.c +++ b/servers/mfs/protect.c @@ -123,7 +123,11 @@ PUBLIC int forbidden(register struct inode *rip, mode_t access_desired) PRIVATE int in_group(gid_t grp) { int i; - for(i = 0; i < credentials.vu_ngroups; i++) + + if (credentials.vu_ngroups >= NGROUPS_MAX) + return(EINVAL); + + for (i = 0; i < credentials.vu_ngroups; i++) if (credentials.vu_sgroups[i] == grp) return(OK);