From 814108dc02a4de5d0333e9c2713f809fc3d2da47 Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Wed, 18 Apr 2018 10:20:06 +0200 Subject: [PATCH] nss-idmap: do not set a limit If the limit is set the needed size to return all groups cannot be returned. Related to https://pagure.io/SSSD/sssd/issue/3715 Reviewed-by: Jakub Hrozek (cherry picked from commit 46a4c265629d9b725c41f22849741ce7342bdd85) DOWNSTREAM: Resolves: rhbz#1570527 - memory management issue in the sssd_nss_ex interface can cause the ns-slapd process on IPA server to crash [rhel-7.5.z] --- src/sss_client/idmap/sss_nss_ex.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/sss_client/idmap/sss_nss_ex.c b/src/sss_client/idmap/sss_nss_ex.c index af6a95180656b598bcb94c209dfa821cb0275f02..f56bffcc24a7e2503e23a892541a9242ed4b5069 100644 --- a/src/sss_client/idmap/sss_nss_ex.c +++ b/src/sss_client/idmap/sss_nss_ex.c @@ -96,7 +96,9 @@ errno_t sss_nss_mc_get(struct nss_input *inp) inp->result.initgrrep.start, inp->result.initgrrep.ngroups, &(inp->result.initgrrep.groups), - *(inp->result.initgrrep.ngroups)); + /* no limit so that needed size can + * be returned properly */ + -1); break; default: return EINVAL; -- 2.14.3