search for: _sc_ngroups_max

https://bugzilla.mindrot.org/show_bug.cgi?id=3735 Bug ID: 3735 Summary: The ngroups variable may be set to a negative value when calling sysconf(_SC_NGROUPS_MAX) Product: Portable OpenSSH Version: 9.8p1 Hardware: Other OS: All Status: NEW Severity: normal Priority: P5 Component: Build system Assignee: unassigned-bugs at mindrot.org Reporter: suhov.r...

...ned in limits.h and tells the maximum number of groups which an account can be member of. As NGROUPS_MAX is determined at compile-time, this limit gets hardcoded into the resulting binary. As NGROUPS_MAX may be larger at runtime than at compile-time it should be regarded as deprecated and sysconf(_SC_NGROUPS_MAX) should be used instead. (see APUE 2.4.5 also) In uidswap.c, line 41 NGROUPS_MAX is used to initialize static arrays in global context. These 2 occurances of NGROUPS_MAX cannot be substituted through sysconf(_SC_NGROUPS_MAX) easily as memory has to be allocated at runtime. In the same file NGR...

...gid_t grouplst[NGROUPS_MAX]; ./source/lib/replace.c: while (i < NGROUPS_MAX && ./source/smbd/password.c:#ifdef NGROUPS_MAX ./source/smbd/password.c: if((groups = (gid_t *)malloc(sizeof(gid_t)*NGROUPS_MAX)) == NULL) POSIX defined sysconf in order to avoid this. By using sysconf(_SC_NGROUPS_MAX) this value is determined at run-time. OTOH NGROUPS_MAX seems to be used incorrectly anyway: source/smbd/password.c #ifdef NGROUPS_MAX if((groups = (gid_t *)malloc(sizeof(gid_t)*NGROUPS_MAX)) == NULL) #else /* NGROUPS_MAX */ if((groups = (gid_t *)malloc(sizeof(gid_t)*ngroups)) ==...

http://bugzilla.mindrot.org/show_bug.cgi?id=787 ------- Additional Comments From openssh_bugzilla at hockin.org 2004-02-20 13:01 ------- Created an attachment (id=548) --> (http://bugzilla.mindrot.org/attachment.cgi?id=548&action=view) NGROUPS patch ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

...idswap.c:static gid_t saved_egroups[NGROUPS_MAX], user_groups[NGROUPS_MAX]; ./uidswap.c: saved_egroupslen = getgroups(NGROUPS_MAX, saved_egroups); ./uidswap.c: user_groupslen = getgroups(NGROUPS_MAX, user_groups); POSIX defined sysconf in order to avoid this. By using sysconf(_SC_NGROUPS_MAX) this value is determined at run-time. Sven

I have an odd problem and I was wondering if anyone has ever run into this before. I have a machine running solaris 8, OpenSSH 3.1p1 and OpenSSL 0.9.6c and it has been working fine for quite some time (ssh that is). Today, /etc/system was updated to increase the maximum number of groups from 16 to 32. After the system was rebooted, things seemed to be working as expected, however one of our

...al/src/security/openssh/cvs/openssh_cvs/groupaccess.c,v retrieving revision 1.10 diff -u -p -r1.10 groupaccess.c --- groupaccess.c 26 Mar 2006 03:24:49 -0000 1.10 +++ groupaccess.c 4 May 2006 01:56:11 -0000 @@ -52,8 +52,8 @@ ga_init(const char *user, gid_t base) ngroups = MAX(NGROUPS_MAX, sysconf(_SC_NGROUPS_MAX)); #endif - groups_bygid = xmalloc(ngroups * sizeof(*groups_bygid)); - groups_byname = xmalloc(ngroups * sizeof(*groups_byname)); + groups_bygid = xcalloc(ngroups, sizeof(*groups_bygid)); + groups_byname = xcalloc(ngroups, sizeof(*groups_byname)); if (getgrouplist(user, base, groups_bygid, &...

...1.0 API will remain supported at least until OpenSSL terminates security patch support for that API version. * sshd(8): allow the futex(2) syscall in the Linux seccomp sandbox; apparently required by some glibc/OpenSSL combinations. * sshd(8): handle getgrouplist(3) returning more than _SC_NGROUPS_MAX groups. Some platforms consider this limit more as a guideline. Checksums: ========== - SHA1 (openssh-7.9.tar.gz) = 7c50a86b8f591decd172ed7f5527abc533098dec - SHA256 (openssh-7.9.tar.gz) = nSVigtHGn3+xKXRqpSnp4YOyEPPAb+pCHdWS9Eh/IPY= - SHA1 (openssh-7.9p1.tar.gz) = 993aceedea8ecabb1d0dd729...

...r conflicting AUTH_ERROR define in rpc/rpc.h... no checking for test routines... yes checking for ftruncate extend... yes checking for broken getgroups... no checking whether getpass should be replaced... no checking for broken inet_ntoa... no checking for secure mkstemp... yes checking for sysconf(_SC_NGROUPS_MAX)... yes checking for root... yes checking for iface AIX... no checking for iface ifconf... got 2 interfaces: lo0 IP=127.0.0.1 NETMASK=255.0.0.0 tu0 IP=152.19.100.32 NETMASK=255.255.0.0 yes checking for setresuid... no checking for setreuid... OK yes checking for working mmap... yes ch...

...sl 1>&5 configure:10798: checking for ftruncate extend configure:10834: checking for broken getgroups configure:10870: checking whether getpass should be replaced configure:10914: checking for broken inet_ntoa configure:10960: checking for secure mkstemp configure:11009: checking for sysconf(_SC_NGROUPS_MAX) configure:11046: checking for root configure:11087: checking for iface AIX configure:11128: checking for iface ifconf configure:11216: checking for setresuid configure:11385: checking for working mmap configure:11421: checking for ftruncate needs root configure:11457: checking for fcntl locking co...

...or conflicting AUTH_ERROR define in rpc/rpc.h... no checking for test routines... yes checking for ftruncate extend... yes checking for broken getgroups... no checking whether getpass should be replaced... no checking for broken inet_ntoa... no checking for secure mkstemp... no checking for sysconf(_SC_NGROUPS_MAX)... yes checking for root... yes checking for iface AIX... no checking for iface ifconf... no checking for iface ifreq... no checking for setresuid... no checking for setreuid... no checking for seteuid... no checking for setuidx... no checking for working mmap... yes checking for ftruncate needs r...

Hello, I am running HP-UX 11 with Samba 2.2.5 binaries for HPUX and I keep getting the error that Samba can't find the unicode_map.xxx file. Well, I notice that all I have in /usr/local/samba/lib/codepages is codepage type files, not unicode. Why do the binaries not include a compiled make_unicodemap? I did download the source and found the .c file for the command. When I try to run

...king for irix specific capabilities... no checking for ftruncate extend... yes checking for AF_LOCAL socket support... no checking for broken getgroups... no checking whether getpass should be replaced... no checking for broken inet_ntoa... no checking for secure mkstemp... yes checking for sysconf(_SC_NGROUPS_MAX)... yes checking for root... no configure: WARNING: running as non-root will disable some tests checking for iface AIX... no checking for iface ifconf... got 2 interfaces: e1000g0 IP=192.29.97.145 NETMASK=255.255.255.0 lo0 IP=127.0.0.1 NETMASK=255.0.0.0 yes checking for working mmap... ye...

...) no checking for test routines... yes checking for ftruncate extend... (cached) yes checking for broken getgroups... (cached) no checking whether getpass should be replaced... (cached) yes checking for broken inet_ntoa... (cached) no checking for secure mkstemp... (cached) yes checking for sysconf(_SC_NGROUPS_MAX)... (cached) yes checking for root... (cached) no configure: warning: running as non-root will disable some tests checking for iface AIX... (cached) no checking for iface ifconf... (cached) yes checking for setresuid... (cached) no checking for setreuid... (cached) yes checking for working mmap......

...1.0 API will remain supported at least until OpenSSL terminates security patch support for that API version. * sshd(8): allow the futex(2) syscall in the Linux seccomp sandbox; apparently required by some glibc/OpenSSL combinations. * sshd(8): handle getgrouplist(3) returning more than _SC_NGROUPS_MAX groups. Some platforms consider this limit more as a guideline. Reporting Bugs: =============== - Please read http://www.openssh.com/report.html Security bugs should be reported directly to openssh at openssh.com OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt, Kevin...

...) no checking for test routines... yes checking for ftruncate extend... (cached) yes checking for broken getgroups... (cached) no checking whether getpass should be replaced... (cached) yes checking for broken inet_ntoa... (cached) no checking for secure mkstemp... (cached) yes checking for sysconf(_SC_NGROUPS_MAX)... (cached) yes checking for root... (cached) yes checking for iface AIX... (cached) no checking for iface ifconf... (cached) yes checking for setresuid... (cached) yes checking for working mmap... (cached) yes checking for ftruncate needs root... (cached) no checking for fcntl locking... (cached)...

...... no checking for test routines... yes checking for ftruncate extend... yes checking for AF_LOCAL socket support... no checking for broken getgroups... no checking whether getpass should be replaced... yes checking for broken inet_ntoa... no checking for secure mkstemp... yes checking for sysconf(_SC_NGROUPS_MAX)... yes checking for root... yes checking for iface AIX... no checking for iface ifconf... got 2 interfaces: eth0 IP=192.168.100.2 NETMASK=255.255.255.0 lo IP=127.0.0.1 NETMASK=255.0.0.0 yes checking for setresuid... OK yes checking for working mmap... yes checking for ftruncate needs...

...r conflicting AUTH_ERROR define in rpc/rpc.h... no checking for test routines... yes checking for ftruncate extend... yes checking for broken getgroups... no checking whether getpass should be replaced... no checking for broken inet_ntoa... no checking for secure mkstemp... yes checking for sysconf(_SC_NGROUPS_MAX)... yes checking for root... yes checking for iface AIX... no checking for iface ifconf... got 3 interfaces: lo0 IP=127.0.0.1 NETMASK=255.0.0.0 tu0 IP=192.168.1.7 NETMASK=255.255.255.0 tu1 IP=192.168.250.1 NETMASK=255.255.255.0 yes checking for setresuid... no checking for setr...

...... no checking for test routines... yes checking for ftruncate extend... yes checking for AF_LOCAL socket support... no checking for broken getgroups... no checking whether getpass should be replaced... yes checking for broken inet_ntoa... no checking for secure mkstemp... yes checking for sysconf(_SC_NGROUPS_MAX)... yes checking for sysconf(_SC_NPROC_ONLN)... no checking for root... no configure: WARNING: running as non-root will disable some tests checking for iface AIX... no checking for iface ifconf... got 2 interfaces: eth1 IP=9.1.72.27 NETMASK=255.255.252.0 lo IP=127.0.0.1 NETMASK=255.0....

...hecking for int32 typedef included by rpc/rpc.h... no checking for uint32 typedef included by rpc/rpc.h... no checking for conflicting AUTH_ERROR define in rpc/rpc.h... no checking for test routines... yes checking for ftruncate extend... yes checking for broken getgroups... no checking for sysconf(_SC_NGROUPS_MAX)... yes checking for sysconf(_SC_NPROC_ONLN)... no checking for sysconf(_SC_NPROCESSORS_ONLN)... yes checking for sysconf(_SC_PAGESIZE)... yes checking for getpagesize... yes checking for setresuid... no checking for setreuid... OK yes checking for the Darwin initgroups system call... no checking f...