libselinux: seusers: fix to handle large sets of groups

If a user was in too many groups the check_group function might not pass a large enough buffer to getgrnam_r to handle things. This could return ERANGE which we then aborted. Instead we should make the buffer larger and try again. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-10-24 13:47:36 -04:00 · 2011-10-24 13:47:36 -04:00 · dd563b35e1
commit dd563b35e1
parent 3b5e45f004
1 changed files with 20 additions and 6 deletions
--- a/libselinux/src/seusers.c
+++ b/libselinux/src/seusers.c
@ -5,6 +5,7 @@
 #include <stdio.h>
 #include <stdio_ext.h>
 #include <ctype.h>
+#include <errno.h>
 #include <selinux/selinux.h>
 #include <selinux/context.h>
 #include "selinux_internal.h"
@ -118,13 +119,26 @@ static int check_group(const char *group, const char *name, const gid_t gid) {
 	long rbuflen = sysconf(_SC_GETGR_R_SIZE_MAX);
 	if (rbuflen <= 0)
 		return 0;
-	char *rbuf = malloc(rbuflen);
-	if (rbuf == NULL)
-		return 0;
+	char *rbuf;

-	if (getgrnam_r(group, &gbuf, rbuf, rbuflen, 
-		       &grent) != 0)
-		goto done;
+	while(1) {
+		rbuf = malloc(rbuflen);
+		if (rbuf == NULL)
+			return 0;
+		int retval = getgrnam_r(group, &gbuf, rbuf, 
+				rbuflen, &grent);
+		if ( retval == ERANGE )
+		{
+			free(rbuf);
+			rbuflen = rbuflen * 2;
+		} else if ( retval != 0 || grent == NULL )
+		{
+			goto done;
+		} else
+		{
+			break;
+		}
+	}

 	if (getgrouplist(name, gid, NULL, &ng) < 0) {
 		groups = (gid_t *) malloc(sizeof (gid_t) * ng);