From 924e9fd65e75f0b1f25b22443f905c323a489c11 Mon Sep 17 00:00:00 2001
From: glebius <glebius@FreeBSD.org>
Date: Thu, 14 Jan 2016 09:11:42 +0000
Subject: o Fix SCTP ICMPv6 error message vulnerability. [SA-16:01.sctp] o Fix
 Linux compatibility layer incorrect futex handling. [SA-16:03.linux] o Fix
 Linux compatibility layer setgroups(2) system call. [SA-16:04.linux] o Fix
 TCP MD5 signature denial of service. [SA-16:05.tcp] o Fix insecure default
 bsnmpd.conf permissions. [SA-16:06.bsnmpd]

Security:	FreeBSD-SA-16:01.sctp, CVE-2016-1879
Security:	FreeBSD-SA-16:03.linux, CVE-2016-1880
Security:	FreeBSD-SA-16:04.linux, CVE-2016-1881
Security:	FreeBSD-SA-16:05.tcp, CVE-2016-1882
Security:	FreeBSD-SA-16:06.bsnmpd, CVE-2015-5677
---
 sys/compat/linux/linux_misc.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'sys/compat/linux/linux_misc.c')

diff --git a/sys/compat/linux/linux_misc.c b/sys/compat/linux/linux_misc.c
index d87d786..8f2a687 100644
--- a/sys/compat/linux/linux_misc.c
+++ b/sys/compat/linux/linux_misc.c
@@ -1302,9 +1302,11 @@ linux_setgroups(struct thread *td, struct linux_setgroups_args *args)
 	if (error)
 		goto out;
 	newcred = crget();
+	crextend(newcred, ngrp + 1);
 	p = td->td_proc;
 	PROC_LOCK(p);
-	oldcred = crcopysafe(p, newcred);
+	oldcred = p->p_ucred;
+	crcopy(newcred, oldcred);
 
 	/*
 	 * cr_groups[0] holds egid. Setting the whole set from
-- 
cgit v1.1