[libvirt] [PATCH v3 1/4] tools: virt-login-shell: Fix group list bounds checking

The list certainly isn't zero terminated and it would isallow usage of group 'root'. Pass in the array size and match against it. --- tools/virt-login-shell.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/tools/virt-login-shell.c b/tools/virt-login-shell.c index 38fcb9e..96ca410 100644 --- a/tools/virt-login-shell.c +++ b/tools/virt-login-shell.c @@ -47,7 +47,8 @@ static const char *conf_file = SYSCONFDIR "/libvirt/virt-login-shell.conf"; static int virLoginShellAllowedUser(virConfPtr conf, const char *name, - gid_t *groups) + gid_t *groups, + size_t ngroups) { virConfValuePtr p; int ret = -1; @@ -74,7 +75,7 @@ static int virLoginShellAllowedUser(virConfPtr conf, ptr = &pp->str[1]; if (!*ptr) continue; - for (i = 0; groups[i]; i++) { + for (i = 0; i < ngroups; i++) { if (!(gname = virGetGroupName(groups[i]))) continue; if (fnmatch(ptr, gname, 0) == 0) { @@ -306,7 +307,7 @@ main(int argc, char **argv) if ((ngroups = virGetGroupList(uid, gid, &groups)) < 0) goto cleanup; - if (virLoginShellAllowedUser(conf, name, groups) < 0) + if (virLoginShellAllowedUser(conf, name, groups, ngroups) < 0) goto cleanup; if (virLoginShellGetShellArgv(conf, &shargv, &shargvlen) < 0) -- 2.8.3