uwrap: Add mamximum for groups we can handle while forking

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

diff --git a/src/uid_wrapper.c b/src/uid_wrapper.c
index 0388ad930527d3eb1d43b734f068bce8206cbde6..945c9347044499650458204b73619f020283f187 100644 (file)
--- a/src/uid_wrapper.c
+++ b/src/uid_wrapper.c
@@ -816,6 +816,7 @@ int pthread_create(pthread_t *thread,
  *********************************************************/
 
 #define GROUP_STRING_SIZE 16384
+#define GROUP_MAX_COUNT (GROUP_STRING_SIZE / (10 + 1))
 
 /**
  * This function exports all the IDs of the current user so if
@@ -849,6 +850,15 @@ static void uwrap_export_ids(struct uwrap_thread *id)
        snprintf(unsigned_str, sizeof(unsigned_str), "%u", id->sgid);
        setenv("UID_WRAPPER_INITIAL_SGID", unsigned_str, 1);
 
+       if (id->ngroups > GROUP_MAX_COUNT) {
+               UWRAP_LOG(UWRAP_LOG_ERROR,
+                         "ERROR: Number of groups (%u) exceeds maximum value "
+                         "uid_wrapper will handle (%u).",
+                         id->ngroups,
+                         GROUP_MAX_COUNT);
+               exit(-1);
+       }
+
        /* GROUPS */
        snprintf(unsigned_str, sizeof(unsigned_str), "%u", id->ngroups);
        setenv("UID_WRAPPER_INITIAL_GROUPS_COUNT", unsigned_str, 1);
@@ -1003,7 +1013,7 @@ static void uwrap_init_env(struct uwrap_thread *id)
                unsetenv("UID_WRAPPER_INITIAL_GROUPS_COUNT");
        }
 
-       if (ngroups > 0) {
+       if (ngroups > 0 && ngroups < GROUP_MAX_COUNT) {
                int i = 0;
 
                id->ngroups = 0;