From f78fb056761deccb2a1af01296d138c7d512c116 Mon Sep 17 00:00:00 2001
From: Thomas Veerman
Date: Thu, 8 Sep 2011 12:23:03 +0000
Subject: [PATCH] Check group range for sanity

---
 servers/ext2/protect.c | 6 +++++-
 servers/mfs/pipe.c | 1 +
 servers/mfs/protect.c | 6 +++++-
 3 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/servers/ext2/protect.c b/servers/ext2/protect.c
index 952e6f74e..9fdfe50a5 100644
--- a/servers/ext2/protect.c
+++ b/servers/ext2/protect.c
@@ -129,7 +129,11 @@ PUBLIC int forbidden(register struct inode *rip, mode_t access_desired)
 PRIVATE int in_group(gid_t grp)
 {
 int i;
- for(i = 0; i < credentials.vu_ngroups; i++)
+
+ if (credentials.vu_ngroups >= NGROUPS_MAX)
+ return(EINVAL);
+
+ for (i = 0; i < credentials.vu_ngroups; i++)
 if (credentials.vu_sgroups[i] == grp)
 return(OK);

diff --git a/servers/mfs/pipe.c b/servers/mfs/pipe.c
index e69de29bb..8b1378917 100644
--- a/servers/mfs/pipe.c
+++ b/servers/mfs/pipe.c
@@ -0,0 +1 @@
+
diff --git a/servers/mfs/protect.c b/servers/mfs/protect.c
index 4f80adb37..0a6d01afb 100644
--- a/servers/mfs/protect.c
+++ b/servers/mfs/protect.c
@@ -123,7 +123,11 @@ PUBLIC int forbidden(register struct inode *rip, mode_t access_desired)
 PRIVATE int in_group(gid_t grp)
 {
 int i;
- for(i = 0; i < credentials.vu_ngroups; i++)
+
+ if (credentials.vu_ngroups >= NGROUPS_MAX)
+ return(EINVAL);
+
+ for (i = 0; i < credentials.vu_ngroups; i++)
 if (credentials.vu_sgroups[i] == grp)
 return(OK);

--
2.44.0
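Review bot: The new bound in in_group() compares with `>=`, so a credential set holding exactly NGROUPS_MAX supplementary groups is rejected even though the loop would only read indexes 0 to NGROUPS_MAX-1. Assuming vu_sgroups is declared with NGROUPS_MAX entries (the declaration is not in this diff), the guard should be `if (credentials.vu_ngroups > NGROUPS_MAX)`; the identical line in the servers/mfs/protect.c hunk needs the same change. The rejection returns EINVAL, and if the rest of in_group() after the hunk also returns a non-OK value for "no match", the caller cannot tell a malformed count from plain non-membership and will presumably fall through to the other-class permission bits. Validating the count once where the credentials are copied in, and keeping this check as a commented backstop such as `/* vu_ngroups is caller-supplied; never index vu_sgroups past NGROUPS_MAX */`, would make that distinction explicit. in_group() continues past the end of both hunks, so the final return path could not be checked here.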