From nobody@FreeBSD.org  Wed Oct 12 00:05:16 2011
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 2035A106566B
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 12 Oct 2011 00:05:16 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22])
	by mx1.freebsd.org (Postfix) with ESMTP id 1021C8FC15
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 12 Oct 2011 00:05:16 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.4/8.14.4) with ESMTP id p9C05FTD013539
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 12 Oct 2011 00:05:15 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.4/8.14.4/Submit) id p9C05FlL013538;
	Wed, 12 Oct 2011 00:05:15 GMT
	(envelope-from nobody)
Message-Id: <201110120005.p9C05FlL013538@red.freebsd.org>
Date: Wed, 12 Oct 2011 00:05:15 GMT
From: Jeremy Huddleston <jeremyhu@apple.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: usr.bin/newgrp has an off-by-1 error when checking ngrps
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         161509
>Category:       bin
>Synopsis:       usr.bin/newgrp has an off-by-1 error when checking ngrps
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    delphij
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Oct 12 00:10:07 UTC 2011
>Closed-Date:    Tue Feb 07 22:13:53 UTC 2012
>Last-Modified:  Tue Feb  7 22:20:11 UTC 2012
>Originator:     Jeremy Huddleston
>Release:        HEAD
>Organization:
Apple Inc
>Environment:
N/A
>Description:
newgrp.c currently does:

if (ngrps == ngrps_max)
   ... warn about too many groups
else
   ngrps++
   setgroups(ngrps, ...)

Thus the check for ngrps_max needs to be against ngrps + 1, not ngrps.


>How-To-Repeat:
call ngrp with your NGROUPS_MAXth group.
>Fix:
Line numbers will be offset due to local changes.

--- newgrp.c	(revision 3269)
+++ newgrp.c	(working copy)
@@ -143,7 +146,7 @@
 	if (initres < 0)
 		warn("initgroups");
 	if (setres < 0)
-		warn("setgroups");
+		warn("setgid");
 }
 
 static void
@@ -227,7 +250,7 @@
 
 	/* Add old effective gid to supp. list if it does not exist. */
 	if (egid != grp->gr_gid && !inarray(egid, grps, ngrps)) {
-		if (ngrps == ngrps_max)
+		if (ngrps + 1 >= ngrps_max)
 			warnx("too many groups");
 		else {
 			grps[ngrps++] = egid;


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->patched 
State-Changed-By: delphij 
State-Changed-When: Wed Oct 12 01:19:21 UTC 2011 
State-Changed-Why:  
Patch applied against -HEAD. 


Responsible-Changed-From-To: freebsd-bugs->delphij 
Responsible-Changed-By: delphij 
Responsible-Changed-When: Wed Oct 12 01:19:21 UTC 2011 
Responsible-Changed-Why:  
Take. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=161509 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: misc/161509: commit references a PR
Date: Wed, 12 Oct 2011 01:19:21 +0000 (UTC)

 Author: delphij
 Date: Wed Oct 12 01:19:12 2011
 New Revision: 226274
 URL: http://svn.freebsd.org/changeset/base/226274
 
 Log:
    - Fix an off-by-one bug in addgroup().
    - Fix the error message when setgid() failed.
   
   PR:		bin/161509
   Submitted by:	Jeremy Huddleston <jeremyhu apple com>
   MFC after:	2 weeks
 
 Modified:
   head/usr.bin/newgrp/newgrp.c
 
 Modified: head/usr.bin/newgrp/newgrp.c
 ==============================================================================
 --- head/usr.bin/newgrp/newgrp.c	Wed Oct 12 01:09:57 2011	(r226273)
 +++ head/usr.bin/newgrp/newgrp.c	Wed Oct 12 01:19:12 2011	(r226274)
 @@ -140,7 +140,7 @@ restoregrps(void)
  	if (initres < 0)
  		warn("initgroups");
  	if (setres < 0)
 -		warn("setgroups");
 +		warn("setgid");
  }
  
  static void
 @@ -220,7 +220,7 @@ addgroup(const char *grpname)
  
  	/* Add old effective gid to supp. list if it does not exist. */
  	if (egid != grp->gr_gid && !inarray(egid, grps, ngrps)) {
 -		if (ngrps == ngrps_max)
 +		if (ngrps + 1 >= ngrps_max)
  			warnx("too many groups");
  		else {
  			grps[ngrps++] = egid;
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: patched->closed 
State-Changed-By: delphij 
State-Changed-When: Tue Feb 7 22:13:42 UTC 2012 
State-Changed-Why:  
Committed, thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=161509 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/161509: commit references a PR
Date: Tue,  7 Feb 2012 22:13:44 +0000 (UTC)

 Author: delphij
 Date: Tue Feb  7 22:13:33 2012
 New Revision: 231164
 URL: http://svn.freebsd.org/changeset/base/231164
 
 Log:
   MFC r226274,r226416:
   
   Fix the error message when setgid() failed.
   
   PR:		bin/161509
   Submitted by:	Jeremy Huddleston <jeremyhu apple com>
 
 Modified:
   stable/9/usr.bin/newgrp/newgrp.c
 Directory Properties:
   stable/9/usr.bin/newgrp/   (props changed)
 
 Changes in other areas also in this revision:
 Modified:
   stable/8/usr.bin/newgrp/newgrp.c
 Directory Properties:
   stable/8/usr.bin/newgrp/   (props changed)
 
 Modified: stable/9/usr.bin/newgrp/newgrp.c
 ==============================================================================
 --- stable/9/usr.bin/newgrp/newgrp.c	Tue Feb  7 22:13:24 2012	(r231163)
 +++ stable/9/usr.bin/newgrp/newgrp.c	Tue Feb  7 22:13:33 2012	(r231164)
 @@ -140,7 +140,7 @@ restoregrps(void)
  	if (initres < 0)
  		warn("initgroups");
  	if (setres < 0)
 -		warn("setgroups");
 +		warn("setgid");
  }
  
  static void
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/161509: commit references a PR
Date: Tue,  7 Feb 2012 22:14:08 +0000 (UTC)

 Author: delphij
 Date: Tue Feb  7 22:13:33 2012
 New Revision: 231164
 URL: http://svn.freebsd.org/changeset/base/231164
 
 Log:
   MFC r226274,r226416:
   
   Fix the error message when setgid() failed.
   
   PR:		bin/161509
   Submitted by:	Jeremy Huddleston <jeremyhu apple com>
 
 Modified:
   stable/8/usr.bin/newgrp/newgrp.c
 Directory Properties:
   stable/8/usr.bin/newgrp/   (props changed)
 
 Changes in other areas also in this revision:
 Modified:
   stable/9/usr.bin/newgrp/newgrp.c
 Directory Properties:
   stable/9/usr.bin/newgrp/   (props changed)
 
 Modified: stable/8/usr.bin/newgrp/newgrp.c
 ==============================================================================
 --- stable/8/usr.bin/newgrp/newgrp.c	Tue Feb  7 22:13:24 2012	(r231163)
 +++ stable/8/usr.bin/newgrp/newgrp.c	Tue Feb  7 22:13:33 2012	(r231164)
 @@ -140,7 +140,7 @@ restoregrps(void)
  	if (initres < 0)
  		warn("initgroups");
  	if (setres < 0)
 -		warn("setgroups");
 +		warn("setgid");
  }
  
  static void
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
>Unformatted:
