Dynamically allocate the gidset field in audit record.

This fixes a problem created by the recent change that allows a large number of groups per user. The gidset field in struct kaudit_record is now dynamically allocated to the size needed rather than statically (using NGROUPS). Approved by: re@ (kensmith, rwatson), gnn (mentor)
svn path=/head/; revision=195177
2024-12-19 10:53:58 +00:00 · 2009-06-29 20:19:19 +00:00 · 2009-06-29 20:19:19 +00:00 · 86120afae4 · 2020-12-20 02:59:44 +00:00
commit 86120afae4
parent 6cb7f168db
3 changed files with 13 additions and 2 deletions
--- a/sys/security/audit/audit.c
+++ b/sys/security/audit/audit.c
@ -77,6 +77,7 @@ static MALLOC_DEFINE(M_AUDITCRED, "audit_cred", "Audit cred storage");
 MALLOC_DEFINE(M_AUDITDATA, "audit_data", "Audit data storage");
 MALLOC_DEFINE(M_AUDITPATH, "audit_path", "Audit path storage");
 MALLOC_DEFINE(M_AUDITTEXT, "audit_text", "Audit text storage");
+MALLOC_DEFINE(M_AUDITGIDSET, "audit_gidset", "Audit GID set storage");

 SYSCTL_NODE(_security, OID_AUTO, audit, CTLFLAG_RW, 0,
    "TrustedBSD audit controls");
@ -253,6 +254,8 @@ audit_record_dtor(void *mem, int size, void *arg)
 		free(ar->k_ar.ar_arg_argv, M_AUDITTEXT);
 	if (ar->k_ar.ar_arg_envv != NULL)
 		free(ar->k_ar.ar_arg_envv, M_AUDITTEXT);
+	if (ar->k_ar.ar_arg_groups.gidset != NULL)
+		free(ar->k_ar.ar_arg_groups.gidset, M_AUDITGIDSET);
 }

 /*
--- a/sys/security/audit/audit_arg.c
+++ b/sys/security/audit/audit_arg.c
@ -236,10 +236,17 @@ audit_arg_groupset(gid_t *gidset, u_int gidset_size)
 	u_int i;
 	struct kaudit_record *ar;

+	KASSERT(gidset_size <= NGROUPS,
+	    ("audit_arg_groupset: gidset_size > NGROUPS"));
+
 	ar = currecord();
 	if (ar == NULL)
 		return;

+	if (ar->k_ar.ar_arg_groups.gidset == NULL)
+		ar->k_ar.ar_arg_groups.gidset = malloc(
+		    sizeof(gid_t) * gidset_size, M_AUDITGIDSET, M_WAITOK);
+
 	for (i = 0; i < gidset_size; i++)
 		ar->k_ar.ar_arg_groups.gidset[i] = gidset[i];
 	ar->k_ar.ar_arg_groups.gidset_size = gidset_size;
--- a/sys/security/audit/audit_private.h
+++ b/sys/security/audit/audit_private.h
@ -50,6 +50,7 @@ MALLOC_DECLARE(M_AUDITBSM);
 MALLOC_DECLARE(M_AUDITDATA);
 MALLOC_DECLARE(M_AUDITPATH);
 MALLOC_DECLARE(M_AUDITTEXT);
+MALLOC_DECLARE(M_AUDITGIDSET);
 #endif

 /*
@ -104,8 +105,8 @@ struct vnode_au_info {
 };

 struct groupset {
-	gid_t	gidset[NGROUPS];
-	u_int	gidset_size;
+	gid_t	*gidset;
+	u_int	 gidset_size;
 };

 struct socket_au_info {