bugzilla-daemon at mindrot.org
2024-Sep-11 13:11 UTC
[Bug 3735] New: The ngroups variable may be set to a negative value when calling sysconf(_SC_NGROUPS_MAX)
https://bugzilla.mindrot.org/show_bug.cgi?id=3735
Bug ID: 3735
Summary: The ngroups variable may be set to a negative value
when calling sysconf(_SC_NGROUPS_MAX)
Product: Portable OpenSSH
Version: 9.8p1
Hardware: Other
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: Build system
Assignee: unassigned-bugs at mindrot.org
Reporter: suhov.ra at npc-ksb.ru
File:
https://github.com/openssh/openssh-portable/blob/master/groupaccess.c
Line: 64
The ngroups variable can be set to a negative value when calling
sysconf(_SC_NGROUPS_MAX), and this value is then used without checking
in the xcalloc function call, which can lead to unpredictable behavior
or even errors.
A check must be added to ensure that the value returned by sysconf is
not negative.
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2024-Sep-11 22:24 UTC
[Bug 3735] The ngroups variable may be set to a negative value when calling sysconf(_SC_NGROUPS_MAX)
https://bugzilla.mindrot.org/show_bug.cgi?id=3735
Darren Tucker <dtucker at dtucker.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |dtucker at dtucker.net
--- Comment #1 from Darren Tucker <dtucker at dtucker.net> ---
> The ngroups variable can be set to a negative value when calling
> sysconf(_SC_NGROUPS_MAX)
That's true...
> and this value is then used without checking in the xcalloc function
but that's not true. It's only ever used to increase ngroups beyond
NGROUPS_MAX. If the sysconf returns -1, that'll be less than
NGROUPS_MAX and it's not used:
ngroups = NGROUPS_MAX;
#if defined(HAVE_SYSCONF) && defined(_SC_NGROUPS_MAX)
ngroups = MAX(NGROUPS_MAX, sysconf(_SC_NGROUPS_MAX));
#endif
bugzilla-daemon at mindrot.org
2024-Sep-11 23:16 UTC
[Bug 3735] The ngroups variable may be set to a negative value when calling sysconf(_SC_NGROUPS_MAX)
https://bugzilla.mindrot.org/show_bug.cgi?id=3735
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |INVALID
Status|NEW |RESOLVED
CC| |djm at mindrot.org
--- Comment #2 from Damien Miller <djm at mindrot.org> ---
It looks like you're filing bugs for results of some analysis tool
without doing any human qualification. Please don't do this.
This case is a good example: the very check that you are asking for is
directly above the code you highlighted.
Filing bogus bugs for unqualified analysis findings wastes our time and
yours.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.