From d43b0a43ca09d1f11cbe2612df6d8b0761a08591 Mon Sep 17 00:00:00 2001
From: Mark Johnston
Date: Sun, 25 Jan 2015 00:47:06 +0000
Subject: gr_equal(): Fix a crash that could occur if the first group's member list was longer than the second's.

There is no need to compute and compare the member list lengths in a separate pass, since we now just return false when comparing member names if the list lengths are not equal.

MFC after: 2 weeks
---
 libutil/gr_util.c | 25 ++++++++++---------------
 1 file changed, 10 insertions(+), 15 deletions(-)
(limited to 'libutil')

diff --git a/libutil/gr_util.c b/libutil/gr_util.c
index 465efd9..b0b0b36 100644
--- a/libutil/gr_util.c
+++ b/libutil/gr_util.c
@@ -351,8 +351,6 @@ gr_fini(void)
 int
 gr_equal(const struct group *gr1, const struct group *gr2)
 {
- int gr1_ndx;
- int gr2_ndx;
 
  /* Check that the non-member information is the same. */
  if (gr1->gr_name == NULL || gr2->gr_name == NULL) {
@@ -368,7 +366,8 @@ gr_equal(const struct group *gr1, const struct group *gr2)
  if (gr1->gr_gid != gr2->gr_gid)
  return (false);
 
- /* Check all members in both groups.
+ /*
+ * Check all members in both groups.
  * getgrnam can return gr_mem with a pointer to NULL.
  * gr_dup and gr_add strip out this superfluous NULL, setting
  * gr_mem to NULL for no members.
@@ -376,22 +375,18 @@ gr_equal(const struct group *gr1, const struct group *gr2)
  if (gr1->gr_mem != NULL && gr2->gr_mem != NULL) {
  int i;
 
- for (i = 0; gr1->gr_mem[i] != NULL; i++) {
+ for (i = 0;
+ gr1->gr_mem[i] != NULL && gr2->gr_mem[i] != NULL; i++) {
  if (strcmp(gr1->gr_mem[i], gr2->gr_mem[i]) != 0)
  return (false);
  }
- }
- /* Count number of members in both structs */
- gr2_ndx = 0;
- if (gr2->gr_mem != NULL)
- for(; gr2->gr_mem[gr2_ndx] != NULL; gr2_ndx++)
- /* empty */;
- gr1_ndx = 0;
- if (gr1->gr_mem != NULL)
- for(; gr1->gr_mem[gr1_ndx] != NULL; gr1_ndx++)
- /* empty */;
- if (gr1_ndx != gr2_ndx)
+ if (gr1->gr_mem[i] != NULL || gr2->gr_mem[i] != NULL)
+ return (false);
+ } else if (gr1->gr_mem != NULL && gr1->gr_mem[0] != NULL) {
  return (false);
+ } else if (gr2->gr_mem != NULL && gr2->gr_mem[0] != NULL) {
+ return (false);
+ }
 
  return (true);
 }
-- 
cgit v1.2.3-56-ge451
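Review bot: The post-loop test `if (gr1->gr_mem[i] != NULL || gr2->gr_mem[i] != NULL)` is now the only place that rejects member lists of different lengths, and nothing at that line says so. A one-line comment such as `/* One list ended first: the member counts differ. */` would keep a later cleanup from dropping it and letting a list that is a prefix of the other compare equal. The comparison is also positional, so the same members in a different order compare unequal; if that is intended, the block comment above the loop (edited in the previous hunk) should state it. gr_equal() begins outside this hunk, so whether callers can pass a NULL gr1 or gr2 cannot be judged from here.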