commit 195fffa420525a53ecd72c6d49c8660630e97359
parent 60a707681655d249af66cec6786a6fad8337b49c
Author: sin <sin@2f30.org>
Date: Sat, 28 Feb 2015 12:00:25 +0000
Add getgroups() check
Since getgroups() will never write more than NGROUPS_MAX entries
we might as well cap len to that value.
The following should probably not trap the program:
gid_t set[NGROUPS_MAX];
getgroups(NGROUPS_MAX + 1, set);
Diffstat:
1 file changed, 13 insertions(+), 0 deletions(-)
diff --git a/include/unistd.h b/include/unistd.h
@@ -42,6 +42,17 @@ __fortify_getdomainname(char *name, size_t len)
static inline __attribute__ ((always_inline))
int
+__fortify_getgroups(int len, gid_t *set)
+{
+ size_t bos = __builtin_object_size(set, 0);
+
+ if (bos != -1 && len > bos / sizeof(gid_t))
+ __builtin_trap();
+ return getgroups(len, set);
+}
+
+static inline __attribute__ ((always_inline))
+int
__fortify_gethostname(char *name, size_t len)
{
size_t bos = __builtin_object_size(name, 0);
@@ -105,6 +116,8 @@ __fortify_write(int fd, const void *buf, size_t n)
#define getdomainname(name, len) __fortify_getdomainname(name, len)
#endif
+#undef getgroups
+#define getgroups(len, set) __fortify_getgroups(len, set)
#undef gethostname
#define gethostname(name, len) __fortify_gethostname(name, len)
#undef getlogin_r
