tools: virt-login-shell: Fix group list bounds checking

The list certainly isn't zero terminated and it would disallow usage of
group 'root'. Pass in the array size and match against it.
This commit is contained in:
Peter Krempa 2016-06-17 14:50:44 +02:00
parent 0a07bf3dc5
commit 94f93d7071

View File

@ -47,7 +47,8 @@ static const char *conf_file = SYSCONFDIR "/libvirt/virt-login-shell.conf";
static int virLoginShellAllowedUser(virConfPtr conf, static int virLoginShellAllowedUser(virConfPtr conf,
const char *name, const char *name,
gid_t *groups) gid_t *groups,
size_t ngroups)
{ {
virConfValuePtr p; virConfValuePtr p;
int ret = -1; int ret = -1;
@ -74,7 +75,7 @@ static int virLoginShellAllowedUser(virConfPtr conf,
ptr = &pp->str[1]; ptr = &pp->str[1];
if (!*ptr) if (!*ptr)
continue; continue;
for (i = 0; groups[i]; i++) { for (i = 0; i < ngroups; i++) {
if (!(gname = virGetGroupName(groups[i]))) if (!(gname = virGetGroupName(groups[i])))
continue; continue;
if (fnmatch(ptr, gname, 0) == 0) { if (fnmatch(ptr, gname, 0) == 0) {
@ -306,7 +307,7 @@ main(int argc, char **argv)
if ((ngroups = virGetGroupList(uid, gid, &groups)) < 0) if ((ngroups = virGetGroupList(uid, gid, &groups)) < 0)
goto cleanup; goto cleanup;
if (virLoginShellAllowedUser(conf, name, groups) < 0) if (virLoginShellAllowedUser(conf, name, groups, ngroups) < 0)
goto cleanup; goto cleanup;
if (virLoginShellGetShellArgv(conf, &shargv, &shargvlen) < 0) if (virLoginShellGetShellArgv(conf, &shargv, &shargvlen) < 0)