diff options
author | Mike Frysinger <vapier@gentoo.org> | 2005-12-27 08:58:04 +0000 |
---|---|---|
committer | Mike Frysinger <vapier@gentoo.org> | 2005-12-27 08:58:04 +0000 |
commit | e66dfe1d633d43d946c798627173a67282c948e5 (patch) | |
tree | 8ed4bb6764e049f2275a960d5ec312c8443712e2 /libc/sysdeps/linux/common/getgroups.c | |
parent | 66376169bf21dc26f447a8f64bd6f8c8cd27c139 (diff) |
Aubrey writes:
When I mounted nfs on my target, the kernel crashed. And I found it
was caused by stack overflow. When I digged into it.
And I found not only "setgroups.c" but
"getgroups.c" have the matrix (__kernel_gid_t kernel_groups[n]) on the
stack which can be very large because "n" can be assigned to
NGROUPS_MAX.
And, NGROUPS_MAX is defined in the file "./linux-2.6.x/include/linux/limits.h"
#define NGROUPS_MAX 65536 /* supplemental group IDs are available */
I also changed it to do malloc.
Diffstat (limited to 'libc/sysdeps/linux/common/getgroups.c')
-rw-r--r-- | libc/sysdeps/linux/common/getgroups.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/libc/sysdeps/linux/common/getgroups.c b/libc/sysdeps/linux/common/getgroups.c index c863489b9..b2918c6d9 100644 --- a/libc/sysdeps/linux/common/getgroups.c +++ b/libc/sysdeps/linux/common/getgroups.c @@ -10,6 +10,7 @@ #define sysconf __sysconf #include "syscalls.h" +#include <stdlib.h> #include <unistd.h> #define MIN(a,b) (((a)<(b))?(a):(b)) @@ -21,11 +22,17 @@ static inline _syscall2(int, __syscall_getgroups, int attribute_hidden __getgroups(int n, gid_t * groups) { if (unlikely(n < 0)) { +ret_error: __set_errno(EINVAL); return -1; } else { int i, ngids; - __kernel_gid_t kernel_groups[n = MIN(n, sysconf(_SC_NGROUPS_MAX))]; + __kernel_gid_t *kernel_groups; + + n = MIN(n, sysconf(_SC_NGROUPS_MAX)); + kernel_groups = (__kernel_gid_t *)malloc(sizeof(*kernel_groups) * n); + if (kernel_groups == NULL) + goto ret_error; ngids = __syscall_getgroups(n, kernel_groups); if (n != 0 && ngids > 0) { @@ -33,6 +40,7 @@ int attribute_hidden __getgroups(int n, gid_t * groups) groups[i] = kernel_groups[i]; } } + free(kernel_groups); return ngids; } } |