Dynamically allocate the gidset field in audit record.

This fixes a problem created by the recent change that allows a large
number of groups per user.  The gidset field in struct kaudit_record
is now dynamically allocated to the size needed rather than statically
(using NGROUPS).

Approved by:	re@ (kensmith, rwatson), gnn (mentor)

1 files changed, 3 insertions, 0 deletions

diff --git a/sys/security/audit/audit.c b/sys/security/audit/audit.c
index da47d25..1967e05 100644
--- a/sys/security/audit/audit.c
+++ b/sys/security/audit/audit.c
@@ -77,6 +77,7 @@ static MALLOC_DEFINE(M_AUDITCRED, "audit_cred", "Audit cred storage");
 MALLOC_DEFINE(M_AUDITDATA, "audit_data", "Audit data storage");
 MALLOC_DEFINE(M_AUDITPATH, "audit_path", "Audit path storage");
 MALLOC_DEFINE(M_AUDITTEXT, "audit_text", "Audit text storage");
+MALLOC_DEFINE(M_AUDITGIDSET, "audit_gidset", "Audit GID set storage");
 
 SYSCTL_NODE(_security, OID_AUTO, audit, CTLFLAG_RW, 0,
     "TrustedBSD audit controls");
@@ -253,6 +254,8 @@ audit_record_dtor(void *mem, int size, void *arg)
 		free(ar->k_ar.ar_arg_argv, M_AUDITTEXT);
 	if (ar->k_ar.ar_arg_envv != NULL)
 		free(ar->k_ar.ar_arg_envv, M_AUDITTEXT);
+	if (ar->k_ar.ar_arg_groups.gidset != NULL)
+		free(ar->k_ar.ar_arg_groups.gidset, M_AUDITGIDSET);
 }
 
 /*