[PATCH 56/63] libselinux: seusers: fix to handle large sets of

   This patch looks good to me. acked.

>From bd744b6aa520e5ac4f253b6ed387086d9add09f8 Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@xxxxxxxxxx>
Date: Mon, 24 Oct 2011 13:47:36 -0400
Subject: [PATCH 56/63] libselinux: seusers: fix to handle large sets of
 groups

If a user was in too many groups the check_group function might not pass
a large enough buffer to getgrnam_r to handle things.  This could return
ERANGE which we then aborted.  Instead we should make the buffer larger and
try again.

Signed-off-by: Eric Paris <eparis@xxxxxxxxxx>
---
 libselinux/src/seusers.c |   26 ++++++++++++++++++++------
 1 files changed, 20 insertions(+), 6 deletions(-)

diff --git a/libselinux/src/seusers.c b/libselinux/src/seusers.c
index fc75cb6..b653cad 100644
--- a/libselinux/src/seusers.c
+++ b/libselinux/src/seusers.c
@@ -5,6 +5,7 @@
 #include <stdio.h>
 #include <stdio_ext.h>
 #include <ctype.h>
+#include <errno.h>
 #include <selinux/selinux.h>
 #include <selinux/context.h>
 #include "selinux_internal.h"
@@ -118,13 +119,26 @@ static int check_group(const char *group, const char *name, const gid_t gid) {
 	long rbuflen = sysconf(_SC_GETGR_R_SIZE_MAX);
 	if (rbuflen <= 0)
 		return 0;
-	char *rbuf = malloc(rbuflen);
-	if (rbuf == NULL)
-		return 0;
+	char *rbuf;
 
-	if (getgrnam_r(group, &gbuf, rbuf, rbuflen, 
-		       &grent) != 0)
-		goto done;
+	while(1) {
+		rbuf = malloc(rbuflen);
+		if (rbuf == NULL)
+			return 0;
+		int retval = getgrnam_r(group, &gbuf, rbuf, 
+				rbuflen, &grent);
+		if ( retval == ERANGE )
+		{
+			free(rbuf);
+			rbuflen = rbuflen * 2;
+		} else if ( retval != 0 || grent == NULL )
+		{
+			goto done;
+		} else
+		{
+			break;
+		}
+	}
 
 	if (getgrouplist(name, gid, NULL, &ng) < 0) {
 		groups = (gid_t *) malloc(sizeof (gid_t) * ng);
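
Review bot: The ERANGE branch of the new while(1) loop doubles rbuflen with no upper bound and no overflow check on `rbuflen = rbuflen * 2`, so an entry that never fits keeps the loop allocating larger and larger buffers until malloc fails. Suggest giving up (return 0) once rbuflen passes a fixed limit, and growing the buffer with realloc rather than a free/malloc pair on each pass. The unchanged `if (rbuflen <= 0) return 0;` above the loop could also fall back to a fixed starting size now that the buffer grows on demand. Style: the added `if ( retval == ERANGE )` spacing and the braces on their own lines do not match the surrounding `if (rbuflen <= 0)` form, and the `rbuf, ` continuation line carries trailing whitespace.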
-- 
1.7.7

