Commit 2c4dc7a nss-idmap: use right group list pointer after sss_get_ex()

1 file Authored by sbose a month ago , Committed by jhrozek a month ago ,
nss-idmap: use right group list pointer after sss_get_ex()

If the initial array is too small, it will be reallocated during
sss_get_ex(); the pointer might then change, and the initial memory area
should not be used anymore.

Related to https://pagure.io/SSSD/sssd/issue/3715

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

    
 1 @@ -485,7 +485,6 @@
 2                                    uint32_t flags, unsigned int timeout)
 3   {
 4       int ret;
 5 -     gid_t *new_groups;
 6       long int new_ngroups;
 7       long int start = 1;
 8       struct nss_input inp = {
 9 @@ -498,27 +497,28 @@
10       }
11   
12       new_ngroups = MAX(1, *ngroups);
13 -     new_groups = malloc(new_ngroups * sizeof(gid_t));
14 -     if (new_groups == NULL) {
15 +     inp.result.initgrrep.groups = malloc(new_ngroups * sizeof(gid_t));
16 +     if (inp.result.initgrrep.groups == NULL) {
17           free(discard_const(inp.rd.data));
18           return ENOMEM;
19       }
20 -     new_groups[0] = group;
21 +     inp.result.initgrrep.groups[0] = group;
22   
23 -     inp.result.initgrrep.groups = new_groups,
24       inp.result.initgrrep.ngroups = &new_ngroups;
25       inp.result.initgrrep.start = &start;
26   
27 - 
28 +     /* inp.result.initgrrep.groups, inp.result.initgrrep.ngroups and
29 +      * inp.result.initgrrep.start might be modified by sss_get_ex() */
30       ret = sss_get_ex(&inp, flags, timeout);
31       free(discard_const(inp.rd.data));
32       if (ret != 0) {
33 -         free(new_groups);
34 +         free(inp.result.initgrrep.groups);
35           return ret;
36       }
37   
38 -     memcpy(groups, new_groups, MIN(*ngroups, start) * sizeof(gid_t));
39 -     free(new_groups);
40 +     memcpy(groups, inp.result.initgrrep.groups,
41 +            MIN(*ngroups, start) * sizeof(gid_t));
42 +     free(inp.result.initgrrep.groups);
43   
44       if (start > *ngroups) {
45           ret = ERANGE;
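Review bot: The copy length in the rewritten `memcpy(groups, inp.result.initgrrep.groups, MIN(*ngroups, start) * sizeof(gid_t))` still comes from the caller's `*ngroups`, and `MAX(1, *ngroups)` a few lines up suggests values below 1 can reach this point. If `*ngroups` is a signed count (the signature is only partly visible) and arrives negative, `MIN()` returns it and the multiplication by `sizeof(gid_t)` converts it to a very large `size_t`, so the copy would run past both buffers. Unless the argument check above the hunk already rejects that, I would add `if (*ngroups < 0) { free(discard_const(inp.rd.data)); return EINVAL; }` before the `MAX(1, *ngroups)` line. The new comment could also state who owns the buffer when sss_get_ex() fails, because the error path frees whatever pointer is left in `inp.result.initgrrep.groups`; that is only safe if the callee leaves it valid or NULL, which is not visible here. The function starts and ends outside these hunks.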