From 788146c3e3a564f333f39a2fcffccf3012cc2679 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Nov 11 2015 11:05:29 +0000
Subject: IFP: Skip non-POSIX groups properly


When ifp_users_user_get_groups is called, for example via GetAll and
the list of groups contains a non-POSIX group, we skip an array member,
resulting in random memory being passed to the caller.

Resolves:
    https://fedorahosted.org/sssd/ticket/2863

Reviewed-by: Pavel Březina <pbrezina@redhat.com>

---

diff --git a/src/responder/ifp/ifp_users.c b/src/responder/ifp/ifp_users.c
index 4746de3..e542e81 100644
--- a/src/responder/ifp/ifp_users.c
+++ b/src/responder/ifp/ifp_users.c
@@ -806,8 +806,10 @@ void ifp_users_user_get_groups(struct sbus_request *sbus_req,
             continue;
         }
 
-        out[i] = ifp_groups_build_path_from_msg(out, domain, res->msgs[i]);
-        if (out[i] == NULL) {
+        out[num_groups] = ifp_groups_build_path_from_msg(out,
+                                                         domain,
+                                                         res->msgs[i]);
+        if (out[num_groups] == NULL) {
             DEBUG(SSSDBG_CRIT_FAILURE, "ifp_groups_build_path() failed\n");
             return;
         }