From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 29 Jan 2024 09:18:30 +0000 (+0100)
Subject: socket-util: start SO_PEERGROUP loop with sysconf(_SC_NGROUPS_MAX), too
X-Git-Tag: v256-rc1~1021^2~7
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7e8aa5c2eebd86efe9bbf36d8db1e98964611aab;p=thirdparty%2Fsystemd.git

socket-util: start SO_PEERGROUP loop with sysconf(_SC_NGROUPS_MAX), too

We do this for getgroups_malloc() hence we should do this here too,
after all whether we do it for a socket peer or for ourselves doesn't
make too much of a difference.
---

diff --git a/src/basic/socket-util.c b/src/basic/socket-util.c
index 0a6c87b023d..a9ad1cc9936 100644
--- a/src/basic/socket-util.c
+++ b/src/basic/socket-util.c
@@ -930,12 +930,14 @@ int getpeersec(int fd, char **ret) {
 }
 
 int getpeergroups(int fd, gid_t **ret) {
-        socklen_t n = sizeof(gid_t) * 64;
         _cleanup_free_ gid_t *d = NULL;
 
         assert(fd >= 0);
         assert(ret);
 
+        long ngroups_max = sysconf(_SC_NGROUPS_MAX);
+        socklen_t n = sizeof(gid_t) * MAX((socklen_t) ngroups_max, 64U);
+
         for (;;) {
                 d = malloc(n);
                 if (!d)
@@ -953,7 +955,7 @@ int getpeergroups(int fd, gid_t **ret) {
         assert_se(n % sizeof(gid_t) == 0);
         n /= sizeof(gid_t);
 
-        if ((socklen_t) (int) n != n)
+        if (n > INT_MAX)
                 return -E2BIG;
 
         *ret = TAKE_PTR(d);