atmos
/
fortify-headers
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add getgroups() check 

Since getgroups() will never write more than NGROUPS_MAX entries
we might as well cap len to that value.

The following should probably not trap the program:

gid_t set[NGROUPS_MAX];
getgroups(NGROUPS_MAX + 1, set);
This commit is contained in:
sin 2015-02-28 12:00:25 +00:00
parent 60a7076816
commit 195fffa420
1 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
include/unistd.h
View File

@ -40,6 +40,17 @@ __fortify_getdomainname(char *name, size_t len)
}
#endif
static inline __attribute__ ((always_inline))
int
__fortify_getgroups(int len, gid_t *set)
{
size_t bos = __builtin_object_size(set, 0);
if (bos != -1 && len > bos / sizeof(gid_t))
__builtin_trap();
return getgroups(len, set);
}
static inline __attribute__ ((always_inline))
int
__fortify_gethostname(char *name, size_t len)
@ -105,6 +116,8 @@ __fortify_write(int fd, const void *buf, size_t n)
#define getdomainname(name, len) __fortify_getdomainname(name, len)
#endif
#undef getgroups
#define getgroups(len, set) __fortify_getgroups(len, set)
#undef gethostname
#define gethostname(name, len) __fortify_gethostname(name, len)
#undef getlogin_r