[libvirt] [PATCH v3 1/4] tools: virt-login-shell: Fix group list bounds checking

Peter Krempa pkrempa at redhat.com
Fri Jun 17 13:44:09 UTC 2016


The list certainly isn't zero-terminated, and treating it as such would
disallow usage of group 'root'. Pass in the array size and match against it.
---
 tools/virt-login-shell.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/tools/virt-login-shell.c b/tools/virt-login-shell.c
index 38fcb9e..96ca410 100644
--- a/tools/virt-login-shell.c
+++ b/tools/virt-login-shell.c
@@ -47,7 +47,8 @@ static const char *conf_file = SYSCONFDIR "/libvirt/virt-login-shell.conf";

 static int virLoginShellAllowedUser(virConfPtr conf,
                                     const char *name,
-                                    gid_t *groups)
+                                    gid_t *groups,
+                                    size_t ngroups)
 {
     virConfValuePtr p;
     int ret = -1;
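Review bot: The new `ngroups` parameter is undocumented, and nothing at the signature says that `groups` is a counted array in which gid 0 is an ordinary entry rather than a terminator. A short comment above the function would keep a later caller from reintroducing the sentinel assumption, e.g. `/* @groups holds @ngroups entries and is not zero-terminated; gid 0 (root) is a valid member */`. The visible loop only reads `groups[i]`, so the parameter could presumably be `const gid_t *groups`. The rest of the body is outside the hunk, so confirm nothing writes through it.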
@@ -74,7 +75,7 @@ static int virLoginShellAllowedUser(virConfPtr conf,
                     ptr = &pp->str[1];
                     if (!*ptr)
                         continue;
-                    for (i = 0; groups[i]; i++) {
+                    for (i = 0; i < ngroups; i++) {
                         if (!(gname = virGetGroupName(groups[i])))
                             continue;
                         if (fnmatch(ptr, gname, 0) == 0) {
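Review bot: A gid for which `virGetGroupName()` returns NULL is skipped without any trace, at the `continue` just inside the loop. For an allow list this fails closed, but a comment such as `/* gid has no resolvable name: it cannot match any allowed pattern */` would show the behaviour is intentional. The declaration of `i` and the code after a non-matching `fnmatch()` are outside the hunk. If `i` is not already `size_t`, it should be, to match `ngroups` in the new loop condition.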
@@ -306,7 +307,7 @@ main(int argc, char **argv)
     if ((ngroups = virGetGroupList(uid, gid, &groups)) < 0)
         goto cleanup;

-    if (virLoginShellAllowedUser(conf, name, groups) < 0)
+    if (virLoginShellAllowedUser(conf, name, groups, ngroups) < 0)
         goto cleanup;

     if (virLoginShellGetShellArgv(conf, &shargv, &shargvlen) < 0)
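Review bot: `ngroups` is tested with `< 0` at the top of this hunk, so it is a signed value that is converted implicitly to the new `size_t` parameter in the `virLoginShellAllowedUser()` call. The conversion is safe only because of that preceding check; a negative count that reached the call would become a very large bound for the loop over `groups`. A one-line comment at the call, `/* ngroups >= 0 is guaranteed by the check above */`, or an explicit `(size_t)ngroups`, would make the dependency visible. The declaration of `ngroups` is outside the hunk.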
-- 
2.8.3



