From: Peter Krempa <pkrempa@redhat.com>
Date: Fri, 17 Jun 2016 12:50:44 +0000 (+0200)
Subject: tools: virt-login-shell: Fix group list bounds checking
X-Git-Tag: v2.0.0-rc1~152
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=94f93d7071638fb9f59556bc07c1ca61b77a7b13;p=thirdparty%2Flibvirt.git

tools: virt-login-shell: Fix group list bounds checking

The list certainly isn't zero terminated and it would disallow usage of
group 'root'. Pass in the array size and match against it.
---

diff --git a/tools/virt-login-shell.c b/tools/virt-login-shell.c
index 38fcb9e38f..96ca410b54 100644
--- a/tools/virt-login-shell.c
+++ b/tools/virt-login-shell.c
@@ -47,7 +47,8 @@ static const char *conf_file = SYSCONFDIR "/libvirt/virt-login-shell.conf";
 
 static int virLoginShellAllowedUser(virConfPtr conf,
                                     const char *name,
-                                    gid_t *groups)
+                                    gid_t *groups,
+                                    size_t ngroups)
 {
     virConfValuePtr p;
     int ret = -1;
@@ -74,7 +75,7 @@ static int virLoginShellAllowedUser(virConfPtr conf,
                     ptr = &pp->str[1];
                     if (!*ptr)
                         continue;
-                    for (i = 0; groups[i]; i++) {
+                    for (i = 0; i < ngroups; i++) {
                         if (!(gname = virGetGroupName(groups[i])))
                             continue;
                         if (fnmatch(ptr, gname, 0) == 0) {
@@ -306,7 +307,7 @@ main(int argc, char **argv)
     if ((ngroups = virGetGroupList(uid, gid, &groups)) < 0)
         goto cleanup;
 
-    if (virLoginShellAllowedUser(conf, name, groups) < 0)
+    if (virLoginShellAllowedUser(conf, name, groups, ngroups) < 0)
         goto cleanup;
 
     if (virLoginShellGetShellArgv(conf, &shargv, &shargvlen) < 0)