mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2024-11-11 12:28:41 +08:00
kernel/groups.c: fix integer overflow in groups_search
gid_t is a unsigned int. If group_info contains a gid greater than MAX_INT, groups_search() function may look on the wrong side of the search tree. This solves some unfair "permission denied" problems. Signed-off-by: Jerome Marchand <jmarchan@redhat.com> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
Jerome Marchand
Linus Torvalds
parent
94131e174f
commit
1c24de60e5
@ -143,10 +143,9 @@ int groups_search(const struct group_info *group_info, gid_t grp)
|
||||
right = group_info->ngroups;
|
||||
while (left < right) {
|
||||
unsigned int mid = (left+right)/2;
|
||||
int cmp = grp - GROUP_AT(group_info, mid);
|
||||
if (cmp > 0)
|
||||
if (grp > GROUP_AT(group_info, mid))
|
||||
left = mid + 1;
|
||||
else if (cmp < 0)
|
||||
else if (grp < GROUP_AT(group_info, mid))
|
||||
right = mid;
|
||||
else
|
||||
return 1;
|
||||
|
||||
Loading…
Reference in New Issue
Block a user