-
Notifications
You must be signed in to change notification settings - Fork 677
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Memory unsafety in nix::unistd::getgrouplist #1541
Comments
vitalyd
added a commit
to vitalyd/nix
that referenced
this issue
Sep 27, 2021
vitalyd
added a commit
to vitalyd/nix
that referenced
this issue
Sep 28, 2021
asomers
pushed a commit
to asomers/nix
that referenced
this issue
Sep 29, 2021
bors bot
added a commit
that referenced
this issue
Sep 29, 2021
1538: posix_fadvise doesn't return -1 as sentinel value r=asomers a=ocadaruma ## Summary - `posix_fadvise(2)` does return error number directly (i.e. not through `errno`) * refs: https://man7.org/linux/man-pages/man2/posix_fadvise.2.html , https://man7.org/linux/man-pages/man2/posix_fadvise.2.html - However `posix_fadvise`-binding uses `Errno::result` to translate the error now, which is mis-use. 1545: Fix memory unsafety in unistd::getgrouplist r=asomers a=asomers Fixes #1541 1546: Revert "Expose SockAddr::from_raw_sockaddr" r=asomers a=asomers This reverts commit ed43d2c. As discussed in #1544 the API of this function needs to change. For now, revert the PR that made it public, because it has not yet been included in any release. Co-authored-by: Haruki Okada <ocadaruma@gmail.com> Co-authored-by: vitalyd <vitalyd@gmail.com> Co-authored-by: Alan Somers <asomers@gmail.com>
asomers
pushed a commit
that referenced
this issue
Sep 29, 2021
asomers
pushed a commit
that referenced
this issue
Sep 29, 2021
asomers
pushed a commit
that referenced
this issue
Sep 29, 2021
geofft
added a commit
to twosigma/nsncd
that referenced
this issue
Oct 7, 2021
geofft
added a commit
to twosigma/nsncd
that referenced
this issue
Oct 7, 2021
geofft
added a commit
to twosigma/nsncd
that referenced
this issue
Oct 7, 2021
geofft
added a commit
to twosigma/nsncd
that referenced
this issue
Oct 7, 2021
geofft
added a commit
to twosigma/nsncd
that referenced
this issue
Oct 7, 2021
geofft
added a commit
to twosigma/nsncd
that referenced
this issue
Oct 8, 2021
geofft
added a commit
to twosigma/nsncd
that referenced
this issue
Oct 8, 2021
geofft
added a commit
to twosigma/nsncd
that referenced
this issue
Oct 8, 2021
This was referenced Oct 8, 2021
This was referenced Jan 15, 2022
This was referenced May 14, 2022
This was referenced Jun 5, 2022
FallenWarrior2k
added a commit
to FallenWarrior2k/xbgdump
that referenced
this issue
Jun 6, 2022
This was referenced Aug 1, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
If
libc::getgrouplist
returns-1
, indicating the suppliedgroups
buffer is too short to hold all the user's groups, the current code will double the buffer and try again. Unfortunately, thengroups
value it passes tolibc::getgrouplist
doesn't reflect the len of the buffer. After the 1st iteration in this scenario,libc
will setngroups
to the # of groups it found, which can be a larger # than the doubling of thegroup
's capacity. The 2nd iteration of the loop will now have a mismatch betweengroup
's capacity and thengroups
value it supplies. This will lead tolibc
writing into unallocated memory beyond the buffer's allocation, leading to a segfault, allocator corruption (e.g.free
on destroying theVec<Gid>
complaining of invalid size passed in), or more generally, UB behavior.The simplest fix is to set
ngroups
togroups.capacity()
on each loop iteration, i.e.:Separately, since Linux sets
ngroups
to be the # of groups found (when returning-1
), it probably makes sense to reserve that amount ingroups
rather than doing the doubling capacity dance. But that's a separate issue.cc @geofft
The text was updated successfully, but these errors were encountered: