D46913.diff

diff --git a/sys/kern/subr_param.c b/sys/kern/subr_param.c
--- a/sys/kern/subr_param.c
+++ b/sys/kern/subr_param.c
@@ -228,14 +228,32 @@
TUNABLE_ULONG_FETCH("kern.sgrowsiz", &sgrowsiz);
/*
- * Let the administrator set {NGROUPS_MAX}, but disallow values
- * less than NGROUPS_MAX which would violate POSIX.1-2008 or
- * greater than INT_MAX-1 which would result in overflow.
+ * Let the administrator set {NGROUPS_MAX}.
+ *
+ * Values less than NGROUPS_MAX would violate POSIX/SuS (see the
+ * specification for <limits.h>, paragraph "Runtime Increasable
+ * Values").
+ *
+ * On the other hand, INT_MAX would result in an overflow for the common
+ * 'ngroups_max + 1' computation (to obtain the size of the internal
+ * groups array, its first element being reserved for the effective
+ * GID). Also, the number of allocated bytes for the group array must
+ * not overflow on 32-bit machines. For all these reasons, we limit the
+ * number of supplementary groups to some very high number that we
+ * expect will never be reached in all practical uses and ensures we
+ * avoid the problems just exposed, even if 'gid_t' was to be enlarged
+ * by a magnitude.
*/
ngroups_max = NGROUPS_MAX;
TUNABLE_INT_FETCH("kern.ngroups", &ngroups_max);
if (ngroups_max < NGROUPS_MAX)
ngroups_max = NGROUPS_MAX;
+ else {
+ const int ngroups_max_max = (1 << 24) - 1;
+
+ if (ngroups_max > ngroups_max_max)
+ ngroups_max = ngroups_max_max;
+ }
/*
* Only allow to lower the maximal pid.
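
Review bot: The cap `(1 << 24) - 1` in the new `else` branch is never connected to the reasoning in the comment above it, which only speaks of "some very high number". Please state the value and the bound it is meant to guarantee in the comment: with at most 1 << 24 array entries including the effective GID slot, the `ngroups_max + 1` computation cannot overflow an int, and the byte count of the groups array stays below 2^32 for any `gid_t` narrower than 256 bytes. That would also replace the ambiguous "enlarged by a magnitude". Consider making the limit a named macro next to the other limits instead of a block-local `const int`, so other code that sizes the groups array can refer to the same bound. Separately, both clamps are silent: an administrator who sets `kern.ngroups` out of range gets a different value with no indication, so a boot-time message when the tunable is adjusted would be worth adding.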
