From 814108dc02a4de5d0333e9c2713f809fc3d2da47 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Wed, 18 Apr 2018 10:20:06 +0200
Subject: [PATCH] nss-idmap: do not set a limit
If the limit is set the needed size to return all groups cannot be
returned.
Related to https://pagure.io/SSSD/sssd/issue/3715
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 46a4c265629d9b725c41f22849741ce7342bdd85)
DOWNSTREAM:
Resolves: rhbz#1570527 - memory management issue in the sssd_nss_ex interface can cause the ns-slapd process on IPA server to crash [rhel-7.5.z]
---
src/sss_client/idmap/sss_nss_ex.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/sss_client/idmap/sss_nss_ex.c b/src/sss_client/idmap/sss_nss_ex.c
index af6a95180656b598bcb94c209dfa821cb0275f02..f56bffcc24a7e2503e23a892541a9242ed4b5069 100644
--- a/src/sss_client/idmap/sss_nss_ex.c
+++ b/src/sss_client/idmap/sss_nss_ex.c
@@ -96,7 +96,9 @@ errno_t sss_nss_mc_get(struct nss_input *inp)
inp->result.initgrrep.start,
inp->result.initgrrep.ngroups,
&(inp->result.initgrrep.groups),
- *(inp->result.initgrrep.ngroups));
+ /* no limit so that needed size can
+ * be returned properly */
+ -1);
break;
default:
return EINVAL;
--
2.14.3