Attachment #217545 for bug #248932

View | Details | Raw Unified | Return to bug 248932
Collapse All | Expand All




	orig_buf_size = va_arg(ap, size_t);
	ret_errno = va_arg(ap, int *);

	if (orig_buf_size + sizeof(struct group) + sizeof(char *) <
	    buffer_size)
	{
		*ret_errno = ERANGE;
		return (NS_RETURN);
	} else if (buffer_size < sizeof(struct group) + sizeof(char *)) {
		/*
		 * nscd(8) sometimes returns buffer_size=1 for nonexistent
		 * groups.
		 */
		*ret_errno = 0;
		return (NS_UNAVAIL);
	}

	memcpy(grp, buffer, sizeof(struct group));

Return to bug 248932

Lines 332-341 Link Here

(-)lib/libc/gen/getgrent.c (-2 / +10 lines)
332	orig_buf_size = va_arg(ap, size_t);	332	orig_buf_size = va_arg(ap, size_t);
333	ret_errno = va_arg(ap, int *);	333	ret_errno = va_arg(ap, int *);
334		334
335	if (orig_buf_size <	335	if (orig_buf_size + sizeof(struct group) + sizeof(char *) <
336	buffer_size - sizeof(struct group) - sizeof(char *)) {	336	buffer_size)
		337	{
337	*ret_errno = ERANGE;	338	*ret_errno = ERANGE;
338	return (NS_RETURN);	339	return (NS_RETURN);
		340	} else if (buffer_size < sizeof(struct group) + sizeof(char *)) {
		341	/*
		342	* nscd(8) sometimes returns buffer_size=1 for nonexistent
		343	* groups.
		344	*/
		345	*ret_errno = 0;
		346	return (NS_UNAVAIL);
339	}	347	}
340		348
341	memcpy(grp, buffer, sizeof(struct group));	349	memcpy(grp, buffer, sizeof(struct group));