Blob Blame History Raw
From 814108dc02a4de5d0333e9c2713f809fc3d2da47 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Wed, 18 Apr 2018 10:20:06 +0200
Subject: [PATCH] nss-idmap: do not set a limit

If the limit is set the needed size to return all groups cannot be
returned.

Related to https://pagure.io/SSSD/sssd/issue/3715

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 46a4c265629d9b725c41f22849741ce7342bdd85)

DOWNSTREAM:
Resolves: rhbz#1570527 - memory management issue in the sssd_nss_ex interface can cause the ns-slapd process on IPA server to crash [rhel-7.5.z]
---
 src/sss_client/idmap/sss_nss_ex.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/sss_client/idmap/sss_nss_ex.c b/src/sss_client/idmap/sss_nss_ex.c
index af6a95180656b598bcb94c209dfa821cb0275f02..f56bffcc24a7e2503e23a892541a9242ed4b5069 100644
--- a/src/sss_client/idmap/sss_nss_ex.c
+++ b/src/sss_client/idmap/sss_nss_ex.c
@@ -96,7 +96,9 @@ errno_t sss_nss_mc_get(struct nss_input *inp)
                                          inp->result.initgrrep.start,
                                          inp->result.initgrrep.ngroups,
                                          &(inp->result.initgrrep.groups),
-                                         *(inp->result.initgrrep.ngroups));
+                                         /* no limit so that needed size can
+                                          * be returned properly */
+                                         -1);
         break;
     default:
         return EINVAL;
-- 
2.14.3