Merge branches 'cov217_021' and 'cid_450' into maint-0.2.1

2 files changed, 19 insertions, 2 deletions

diff --git a/changes/cid_450 b/changes/cid_450
new file mode 100644
index 0000000000..2045fca239
--- /dev/null
+++ b/changes/cid_450
@@ -0,0 +1,5 @@
+  o Minor bugfixes:
+    - Don't stack-allocate the list of supplementary GIDs when we're
+      about to log them. Stack-allocating NGROUPS_MAX gid_t elements
+      could take up to 256K, which is way too much stack.  Found by
+      Coverity; CID #450. Bugfix on 0.2.1.7-alpha.
diff --git a/src/common/compat.c b/src/common/compat.c
index 39651084a0..9533c115b6 100644
--- a/src/common/compat.c
+++ b/src/common/compat.c
@@ -1080,7 +1080,8 @@ log_credential_status(void)
   /* Read, effective and saved GIDs */
   gid_t rgid, egid, sgid;
   /* Supplementary groups */
-  gid_t sup_gids[NGROUPS_MAX + 1];
+  gid_t *sup_gids = NULL;
+  int sup_gids_size;
   /* Number of supplementary groups */
   int ngids;
 
@@ -1126,9 +1127,19 @@ log_credential_status(void)
 #endif
 
   /* log supplementary groups */
-  if ((ngids = getgroups(NGROUPS_MAX + 1, sup_gids)) < 0) {
+  sup_gids_size = 64;
+  sup_gids = tor_malloc(sizeof(gid_t) * 64);
+  while ((ngids = getgroups(sup_gids_size, sup_gids)) < 0 &&
+         errno == EINVAL &&
+         sup_gids_size < NGROUPS_MAX) {
+    sup_gids_size *= 2;
+    sup_gids = tor_realloc(sup_gids, sizeof(gid_t) * sup_gids_size);
+  }
+
+  if (ngids < 0) {
     log_warn(LD_GENERAL, "Error getting supplementary GIDs: %s",
              strerror(errno));
+    tor_free(sup_gids);
     return -1;
   } else {
     int i, retval = 0;
@@ -1158,6 +1169,7 @@ log_credential_status(void)
       tor_free(cp);
     });
     smartlist_free(elts);
+    tor_free(sup_gids);
 
     return retval;
   }