Patch to fix mgt_sandbox_unix if there're more than 10 groups
Meng Zhang
jammy.linux at gmail.com
Wed Jul 30 16:54:59 CEST 2014
Hi, @there
Please review and commit the patch to fix mgt_sandbox_unix.
Thanks
Regards
From 79b9db3ccb5dc5c8b3e441f7a89f1195e1d6c8b7 Mon Sep 17 00:00:00 2001
From: ijammy <mzhang at yottaa.com>
Date: Wed, 30 Jul 2014 22:53:36 +0800
Subject: [PATCH] mgt_sandbox_unix will break if there're more than 10 groups
---
bin/varnishd/mgt/mgt_sandbox.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/bin/varnishd/mgt/mgt_sandbox.c b/bin/varnishd/mgt/mgt_sandbox.c
index 973ec83..fe0ad11 100644
--- a/bin/varnishd/mgt/mgt_sandbox.c
+++ b/bin/varnishd/mgt/mgt_sandbox.c
@@ -53,6 +53,7 @@
#include <syslog.h>
#include <string.h>
#include <unistd.h>
+#include <stdlib.h>
#include "mgt/mgt.h"
#include "common/params.h"
@@ -63,9 +64,8 @@
static void __match_proto__(mgt_sandbox_f)
mgt_sandbox_unix(enum sandbox_e who)
{
-#define NGID 10
- gid_t gid_list[NGID];
- int i;
+ gid_t *gid_list = NULL;
+ int i,n;
if (geteuid() != 0) {
REPORT0(LOG_INFO, "Not running as root, no priv-sep");
@@ -76,11 +76,16 @@ mgt_sandbox_unix(enum sandbox_e who)
XXXAZ(initgroups(mgt_param.user, mgt_param.gid));
if (who == SANDBOX_CC && strlen(mgt_param.group_cc) > 0) {
+
+ /*If gidsetsize is 0, getgroups() returns the number of groups without modifying the grouplist[] array.*/
+ n = getgroups(0,gid_list);
+ gid_list = calloc(n+1,sizeof(gid_t));
/* Add the optional extra group for the C-compiler access */
- i = getgroups(NGID, gid_list);
+ i = getgroups(n+1, gid_list);
assert(i >= 0);
gid_list[i++] = mgt_param.gid_cc;
XXXAZ(setgroups(i, gid_list));
+ free(gid_list);
}
XXXAZ(setuid(mgt_param.uid));
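Review bot: Neither the sizing call `n = getgroups(0,gid_list)` nor the `calloc` result is checked before the buffer is used, and this code builds the supplementary group list just before privileges are dropped. If the first call returned -1, `n+1` would be 0, so the second `getgroups(n+1, gid_list)` would itself be a count-only query and `gid_list[i++] = mgt_param.gid_cc` could write past a zero-sized allocation. I would pass `NULL` in the sizing call and add `assert(n >= 0);` after it, add `XXXAN(gid_list);` after the `calloc`, and tighten the existing check to `assert(i >= 0 && i <= n);` so the appended slot is provably inside the `n+1` elements. The function body starts in the previous hunk and continues past this one, so any later use of `gid_list` is not visible here.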
--
2.0.1.442.g7fe6834
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-mgt_sandbox_unix-will-break-if-there-re-more-than-10.patch
Type: application/octet-stream
Size: 1590 bytes
Desc: not available
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-dev/attachments/20140730/cce1f1c5/attachment.obj>