summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/passwd/getgr_a.c12
1 files changed, 11 insertions, 1 deletions
diff --git a/src/passwd/getgr_a.c b/src/passwd/getgr_a.c
index afeb1ece..84550404 100644
--- a/src/passwd/getgr_a.c
+++ b/src/passwd/getgr_a.c
@@ -71,6 +71,10 @@ int __getgr_a(const char *name, gid_t gid, struct group *gr, char **buf, size_t
goto cleanup_f;
}
+ if (groupbuf[GRMEMCNT] > (size_t)(INT32_MAX-1)) {
+ rv = ENOMEM;
+ goto cleanup_f;
+ }
if (groupbuf[GRNAMELEN] > SIZE_MAX - groupbuf[GRPASSWDLEN]) {
rv = ENOMEM;
goto cleanup_f;
@@ -127,7 +131,13 @@ int __getgr_a(const char *name, gid_t gid, struct group *gr, char **buf, size_t
if (groupbuf[GRMEMCNT]) {
mem[0][0] = *buf + groupbuf[GRNAMELEN] + groupbuf[GRPASSWDLEN];
for (ptr = mem[0][0], i = 0; ptr != mem[0][0]+grlist_len; ptr++)
- if (!*ptr) mem[0][++i] = ptr+1;
+ if (!*ptr)
+ if (i<groupbuf[GRMEMCNT]) {
+ mem[0][++i] = ptr+1;
+ } else {
+ rv = EIO;
+ goto cleanup_f;
+ }
mem[0][i] = 0;
if (i != groupbuf[GRMEMCNT]) {
generated by cgit v1.2.1 (git 2.18.0) at 2026-03-20 13:20:51 +0000