From 94f93d7071638fb9f59556bc07c1ca61b77a7b13 Mon Sep 17 00:00:00 2001 From: Peter Krempa Date: Fri, 17 Jun 2016 14:50:44 +0200 Subject: [PATCH] tools: virt-login-shell: Fix group list bounds checking The list certainly isn't zero terminated and it would disallow usage of group 'root'. Pass in the array size and match against it. --- tools/virt-login-shell.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/tools/virt-login-shell.c b/tools/virt-login-shell.c index 38fcb9e38f..96ca410b54 100644 --- a/tools/virt-login-shell.c +++ b/tools/virt-login-shell.c @@ -47,7 +47,8 @@ static const char *conf_file = SYSCONFDIR "/libvirt/virt-login-shell.conf"; static int virLoginShellAllowedUser(virConfPtr conf, const char *name, - gid_t *groups) + gid_t *groups, + size_t ngroups) { virConfValuePtr p; int ret = -1; @@ -74,7 +75,7 @@ static int virLoginShellAllowedUser(virConfPtr conf, ptr = &pp->str[1]; if (!*ptr) continue; - for (i = 0; groups[i]; i++) { + for (i = 0; i < ngroups; i++) { if (!(gname = virGetGroupName(groups[i]))) continue; if (fnmatch(ptr, gname, 0) == 0) { @@ -306,7 +307,7 @@ main(int argc, char **argv) if ((ngroups = virGetGroupList(uid, gid, &groups)) < 0) goto cleanup; - if (virLoginShellAllowedUser(conf, name, groups) < 0) + if (virLoginShellAllowedUser(conf, name, groups, ngroups) < 0) goto cleanup; if (virLoginShellGetShellArgv(conf, &shargv, &shargvlen) < 0)