diff options
author | Mike Frysinger <vapier@gentoo.org> | 2005-12-27 09:03:53 +0000 |
---|---|---|
committer | Mike Frysinger <vapier@gentoo.org> | 2005-12-27 09:03:53 +0000 |
commit | 766709000aca35c4851cdb9b84e78db52ed8290d (patch) | |
tree | b38a6e4b8a4c1ca551ae6e08f167c91fc9c922f8 /libc/inet | |
parent | b000e6fce32974a2c6936f94b0e9795de63b10ae (diff) |
2005-12-15 Aubrey.Li <aubreylee@gmail.com> writes:
When I mounted nfs on my target, the kernel crashed. And I found it
was caused by stack overflow. When I digged into it. I found the
following issue.
In the file "./uClibc/libc/inet/rpc/auth_unix.c"
int max_nr_groups = sysconf (_SC_NGROUPS_MAX);
gid_t gids[max_nr_groups];
And, NGROUPS_MAX is defined in the file "./linux-2.6.x/include/linux/limits.h"
#define NGROUPS_MAX 65536 /* supplemental group IDs are available */
OK, here we can know max_nr_groups is assigned to 65536, that means a
huge matrix "gids[65536] is in the function **authunix_create_default**.
My method is doing it by malloc, the patch as follows.
Diffstat (limited to 'libc/inet')
-rw-r--r-- | libc/inet/rpc/auth_unix.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/libc/inet/rpc/auth_unix.c b/libc/inet/rpc/auth_unix.c index 65554147d..3cb286cc4 100644 --- a/libc/inet/rpc/auth_unix.c +++ b/libc/inet/rpc/auth_unix.c @@ -183,7 +183,12 @@ __authunix_create_default (void) uid_t uid; gid_t gid; int max_nr_groups = sysconf (_SC_NGROUPS_MAX); - gid_t gids[max_nr_groups]; + gid_t *gids; + AUTH *ret_auth; + + gids = (gid_t*)malloc(sizeof(*gids) * max_nr_groups); + if (gids == NULL) + abort (); if (gethostname (machname, MAX_MACHINE_NAME) == -1) abort (); @@ -196,7 +201,9 @@ __authunix_create_default (void) /* This braindamaged Sun code forces us here to truncate the list of groups to NGRPS members since the code in authuxprot.c transforms a fixed array. Grrr. */ - return __authunix_create (machname, uid, gid, MIN (NGRPS, len), gids); + ret_auth = __authunix_create (machname, uid, gid, MIN (NGRPS, len), gids); + free (gids); + return ret_auth; } strong_alias(__authunix_create_default,authunix_create_default) |