diff options
| author |   dtucker <dtucker@openbsd.org> | 2015-06-22 12:29:57 +0000 |
|---|---|---|
| committer | dtucker <dtucker@openbsd.org> | 2015-06-22 12:29:57 +0000 |
| commit | c6e31affb9363187300e0fc569739580fa1dbaee (patch) | |
| tree | 77a6a08e256192c25929d8dd1d79f9483a436560 | |
| parent | After the last change, we also have to url_encode $SERVER_NAME and (diff) | |
| download | wireguard-openbsd-c6e31affb9363187300e0fc569739580fa1dbaee.tar.xz wireguard-openbsd-c6e31affb9363187300e0fc569739580fa1dbaee.zip | |
Don't call setgroups if we have zero groups; there's no guarantee that it
won't try to deref the pointer. Based on a patch from mail at quitesimple.org,
ok djm deraadt
| -rw-r--r-- | usr.bin/ssh/uidswap.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/usr.bin/ssh/uidswap.c b/usr.bin/ssh/uidswap.c index e9dee64578a..ed09f5a9611 100644 --- a/usr.bin/ssh/uidswap.c +++ b/usr.bin/ssh/uidswap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uidswap.c,v 1.37 2015/01/16 06:40:12 deraadt Exp $ */ +/* $OpenBSD: uidswap.c,v 1.38 2015/06/22 12:29:57 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -76,7 +76,7 @@ temporarily_use_uid(struct passwd *pw) fatal("getgroups: %.100s", strerror(errno)); } /* Set the effective uid to the given (unprivileged) uid. */ - if (setgroups(user_groupslen, user_groups) < 0) + if (user_groupslen > 0 && setgroups(user_groupslen, user_groups) < 0) fatal("setgroups: %.100s", strerror(errno)); if (setegid(pw->pw_gid) < 0) fatal("setegid %u: %.100s", (u_int)pw->pw_gid, @@ -103,7 +103,8 @@ restore_uid(void) /* Set the effective uid back to the saved privileged uid. */ if (seteuid(saved_euid) < 0) fatal("seteuid %u: %.100s", (u_int)saved_euid, strerror(errno)); - if (setgroups(saved_egroupslen, saved_egroups) < 0) + if (saved_egroupslen > 0 && + setgroups(saved_egroupslen, saved_egroups) < 0) fatal("setgroups: %.100s", strerror(errno)); if (setegid(saved_egid) < 0) fatal("setegid %u: %.100s", (u_int)saved_egid, strerror(errno)); |