diff options
Diffstat (limited to 'crypto/openssh/uidswap.c')
| -rw-r--r-- | crypto/openssh/uidswap.c | 43 |
1 files changed, 32 insertions, 11 deletions
diff --git a/crypto/openssh/uidswap.c b/crypto/openssh/uidswap.c index 9e161d0f..44c4cb6 100644 --- a/crypto/openssh/uidswap.c +++ b/crypto/openssh/uidswap.c @@ -16,6 +16,7 @@ RCSID("$OpenBSD: uidswap.c,v 1.24 2003/05/29 16:58:45 deraadt Exp $"); #include "log.h" #include "uidswap.h" +#include "xmalloc.h" /* * Note: all these functions must work in all of the following cases: @@ -38,7 +39,7 @@ static gid_t saved_egid = 0; /* Saved effective uid. */ static int privileged = 0; static int temporarily_use_uid_effective = 0; -static gid_t saved_egroups[NGROUPS_MAX], user_groups[NGROUPS_MAX]; +static gid_t *saved_egroups = NULL, *user_groups = NULL; static int saved_egroupslen = -1, user_groupslen = -1; /* @@ -68,18 +69,38 @@ temporarily_use_uid(struct passwd *pw) privileged = 1; temporarily_use_uid_effective = 1; - saved_egroupslen = getgroups(NGROUPS_MAX, saved_egroups); + + saved_egroupslen = getgroups(0, NULL); if (saved_egroupslen < 0) fatal("getgroups: %.100s", strerror(errno)); + if (saved_egroupslen > 0) { + saved_egroups = xrealloc(saved_egroups, + saved_egroupslen * sizeof(gid_t)); + if (getgroups(saved_egroupslen, saved_egroups) < 0) + fatal("getgroups: %.100s", strerror(errno)); + } else { /* saved_egroupslen == 0 */ + if (saved_egroups != NULL) + xfree(saved_egroups); + } /* set and save the user's groups */ if (user_groupslen == -1) { if (initgroups(pw->pw_name, pw->pw_gid) < 0) fatal("initgroups: %s: %.100s", pw->pw_name, strerror(errno)); - user_groupslen = getgroups(NGROUPS_MAX, user_groups); + + user_groupslen = getgroups(0, NULL); if (user_groupslen < 0) fatal("getgroups: %.100s", strerror(errno)); + if (user_groupslen > 0) { + user_groups = xrealloc(user_groups, + user_groupslen * sizeof(gid_t)); + if (getgroups(user_groupslen, user_groups) < 0) + fatal("getgroups: %.100s", strerror(errno)); + } else { /* user_groupslen == 0 */ + if (user_groups) + xfree(user_groups); + } } /* Set the effective uid to the given (unprivileged) uid. */ if (setgroups(user_groupslen, user_groups) < 0) @@ -151,7 +172,7 @@ permanently_set_uid(struct passwd *pw) debug("permanently_set_uid: %u/%u", (u_int)pw->pw_uid, (u_int)pw->pw_gid); -#if defined(HAVE_SETRESGID) +#if defined(HAVE_SETRESGID) && !defined(BROKEN_SETRESGID) if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) < 0) fatal("setresgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno)); #elif defined(HAVE_SETREGID) && !defined(BROKEN_SETREGID) @@ -164,7 +185,7 @@ permanently_set_uid(struct passwd *pw) fatal("setgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno)); #endif -#if defined(HAVE_SETRESUID) +#if defined(HAVE_SETRESUID) && !defined(BROKEN_SETRESUID) if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) < 0) fatal("setresuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno)); #elif defined(HAVE_SETREUID) && !defined(BROKEN_SETREUID) @@ -180,28 +201,28 @@ permanently_set_uid(struct passwd *pw) #endif /* Try restoration of GID if changed (test clearing of saved gid) */ - if (old_gid != pw->pw_gid && + if (old_gid != pw->pw_gid && (setgid(old_gid) != -1 || setegid(old_gid) != -1)) fatal("%s: was able to restore old [e]gid", __func__); /* Verify GID drop was successful */ if (getgid() != pw->pw_gid || getegid() != pw->pw_gid) { - fatal("%s: egid incorrect gid:%u egid:%u (should be %u)", - __func__, (u_int)getgid(), (u_int)getegid(), + fatal("%s: egid incorrect gid:%u egid:%u (should be %u)", + __func__, (u_int)getgid(), (u_int)getegid(), (u_int)pw->pw_gid); } #ifndef HAVE_CYGWIN /* Try restoration of UID if changed (test clearing of saved uid) */ - if (old_uid != pw->pw_uid && + if (old_uid != pw->pw_uid && (setuid(old_uid) != -1 || seteuid(old_uid) != -1)) fatal("%s: was able to restore old [e]uid", __func__); #endif /* Verify UID drop was successful */ if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) { - fatal("%s: euid incorrect uid:%u euid:%u (should be %u)", - __func__, (u_int)getuid(), (u_int)geteuid(), + fatal("%s: euid incorrect uid:%u euid:%u (should be %u)", + __func__, (u_int)getuid(), (u_int)geteuid(), (u_int)pw->pw_uid); } } |
