From 146fc9c361ff46b6eb14a2a0f62e78d56e0c4ade Mon Sep 17 00:00:00 2001
From: vitalyd
Date: Mon, 27 Sep 2021 09:55:59 -0400
Subject: [PATCH] Fix memory unsafety in unistd::getgrouplist
Fixes #1541
---
 CHANGELOG.md | 8 ++++++++
 src/unistd.rs | 4 ++--
 2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index e7984dfe91..755616075e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,14 @@
 All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](https://semver.org/).

+## [0.21.2] - 29 September 2021
+### Added
+### Changed
+### Fixed
+
+- Fixed buffer overflow in `unistd::getgrouplist`.
+ (#[1545](https://github.com/nix-rust/nix/pull/1545))
+
 ## [0.21.1] - 13 August 2021
 ### Added
 ### Changed
diff --git a/src/unistd.rs b/src/unistd.rs
index d406efe87c..87926e0ec2 100644
--- a/src/unistd.rs
+++ b/src/unistd.rs
@@ -1530,8 +1530,7 @@ pub fn getgrouplist(user: &CStr, group: Gid) -> Result> {
 Ok(None) | Err(_) => ::max_value(),
 };
 use std::cmp::min;
- let mut ngroups = min(ngroups_max, 8);
- let mut groups = Vec::::with_capacity(ngroups as usize);
+ let mut groups = Vec::::with_capacity(min(ngroups_max, 8) as usize);
 cfg_if! {
 if #[cfg(any(target_os = "ios", target_os = "macos"))] {
 type getgrouplist_group_t = c_int;
@@ -1541,6 +1540,7 @@ pub fn getgrouplist(user: &CStr, group: Gid) -> Result> {
 }
 let gid: gid_t = group.into();
 loop {
+ let mut ngroups = groups.capacity() as i32;
 let ret = unsafe {
 libc::getgrouplist(user.as_ptr(),
 gid as getgrouplist_group_t,
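Review bot: The added `let mut ngroups = groups.capacity() as i32;` is the line the soundness of the following `unsafe` call now rests on, yet it carries no comment and narrows with an unchecked `as` to a hard-coded `i32` where the surrounding code uses `c_int`. I would write it as `let mut ngroups = min(groups.capacity(), ngroups_max as usize) as c_int;` (assuming `ngroups_max` is a non-negative `c_int`, which the visible `min(ngroups_max, 8)` suggests but the hunk does not show) and put `// SAFETY: ngroups must never exceed groups.capacity(); libc may overwrite it on failure, so it is re-derived on every iteration` above it. The rest of the loop, including how the buffer grows and how the result length is set, lies outside the hunk, so the invariant should be checked against those lines as well. The diffstat lists only CHANGELOG.md and src/unistd.rs, so no regression test covering a user with more than 8 groups (the initial capacity) accompanies this memory-safety fix.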